Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

finish off malware removal

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

finish off malware removal

Unread postby Blazinby » January 18th, 2016, 11:15 am

Hey all :oops: ,

I had another thread open but didn't reply within the three days, I understand the need to close inactive threads and have apologised to the person who was helping me.

Thanks to the work of capnkruch my PC seems to be in pretty good shape now but I know we hadn't finished.

I have included FRST log if anyone could look at it and help

thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by stephen (administrator) on MAGGIE (18-01-2016 15:08:20)
Running from C:\Users\stephen\Downloads
Loaded Profiles: stephen (Available Profiles: stephen & maggi_000 & cmcga_000)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MouseDriver] => C:\windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WinCalendar V4] => C:\Program Files (x86)\WinCalendar V4\WinCalendarV4_SysTray.exe [81944 2015-04-01] (Sapro Systems)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [522784 2015-11-17] (Autodesk Inc.)
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\Run: [NvLedServiceHost] => C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe [87160 2015-11-12] ()
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28917376 2015-05-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\Run: [AdobeBridge] => C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe [13145448 2008-08-28] (Adobe Systems, Inc.)
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1310088 2015-01-27] (Autodesk, Inc.)
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\Run: [Akamai NetSession Interface] => C:\Users\stephen\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-10-22] (Sandboxie Holdings, LLC)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-01-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-01-06]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{9aaae056-d5ce-4a6d-8bc3-858c059e961a}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkI ... id=UE01DHP
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?pc=UE01&ocid=UE01DHP
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3488279127-63086370-3813774398-1001 -> DefaultScope {C2415D81-242C-4BA6-B59A-8EDB5E7B07F7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3488279127-63086370-3813774398-1001 -> {C2415D81-242C-4BA6-B59A-8EDB5E7B07F7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-22] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-22] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-22] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-22] (Oracle Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll No File

FireFox:
========
FF ProfilePath: C:\Users\stephen\AppData\Roaming\Mozilla\Firefox\Profiles\iqn7ummx.default-1449965770414
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3488279127-63086370-3813774398-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-11-20] (Sony Network Entertainment International LLC)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1139744 2015-11-17] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [249328 2015-06-24] (DTS, Inc)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-12] (NVIDIA Corporation)
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.11.266\McCHSvc.exe [235696 2015-12-02] (McAfee, Inc.)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-12] (NVIDIA Corporation)
S4 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8133424 2015-11-12] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-12] (NVIDIA Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-10-22] (Sandboxie Holdings, LLC)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R3 ElcMouLFlt; C:\Windows\System32\drivers\ElcMouLFlt.sys [28648 2015-12-04] (ELECOM)
R3 ElcMouUFlt; C:\Windows\System32\drivers\ElcMouUFlt.sys [27624 2015-12-04] (ELECOM)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-18 08:27 - 2016-01-18 08:28 - 00686249 _____ C:\Users\maggi_000\Downloads\Poster(1).pdf
2016-01-17 19:11 - 2016-01-17 19:11 - 00000264 _____ C:\Users\stephen\Desktop\teamspeak.ini
2016-01-17 12:37 - 2016-01-17 12:37 - 03422072 _____ C:\Users\maggi_000\Downloads\APPX 4 Working it Out Report.PDF
2016-01-17 12:36 - 2016-01-17 12:36 - 00742236 _____ C:\Users\maggi_000\Downloads\APPX 6 GHN Annual ODM Monitoring Report 2014-15 FINAL.pdf
2016-01-17 12:36 - 2016-01-17 12:36 - 00323177 _____ C:\Users\maggi_000\Downloads\APPX 5 Money Talks Survey.pdf
2016-01-17 12:32 - 2016-01-17 12:32 - 02641949 _____ C:\Users\maggi_000\Downloads\APPX 2 Argyll & Bute Strategic Plan Consultation.pdf
2016-01-17 12:30 - 2016-01-17 12:30 - 00373864 _____ C:\Users\maggi_000\Downloads\APPX 3 GHN Homelessness 10 Year Audit.pdf
2016-01-17 12:28 - 2016-01-17 12:28 - 00509583 _____ C:\Users\maggi_000\Downloads\NES - EbyE Tender Response ALLIN FINAL.pdf
2016-01-17 12:26 - 2016-01-17 12:26 - 00497574 _____ C:\Users\maggi_000\Downloads\A&B ADP Tender Response (IE at GHN).pdf
2016-01-17 11:42 - 2016-01-17 11:42 - 00686249 _____ C:\Users\maggi_000\Downloads\Poster.pdf
2016-01-16 19:30 - 2016-01-16 19:30 - 00331357 _____ C:\Users\maggi_000\Downloads\Hostelworld_PDF_Guide_Glasgow.pdf
2016-01-16 18:25 - 2016-01-16 18:25 - 00820607 _____ C:\Users\maggi_000\Downloads\The-Golden-Lion-Chrismas-Brochure.pdf
2016-01-16 11:03 - 2016-01-16 11:03 - 00002233 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-01-16 11:03 - 2016-01-16 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-01-16 11:03 - 2016-01-16 11:03 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-01-16 11:03 - 2016-01-16 11:03 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2016-01-16 07:40 - 2016-01-16 07:40 - 01856929 _____ C:\Users\maggi_000\Downloads\HomelessnessMonitorScotland_FINAL.pdf
2016-01-16 01:58 - 2016-01-16 01:58 - 00033618 _____ C:\Users\stephen\Downloads\Fixlog.txt
2016-01-14 22:53 - 2016-01-14 22:53 - 00002560 _____ C:\WINDOWS\_MSRSTRT.EXE
2016-01-14 01:12 - 2016-01-14 01:17 - 01754112 _____ C:\Users\stephen\Desktop\adwcleaner_5.029.exe
2016-01-14 01:02 - 2016-01-14 01:02 - 00000085 _____ C:\WINDOWS\wininit.ini
2016-01-13 07:48 - 2016-01-13 07:48 - 00433106 _____ C:\Users\maggi_000\Downloads\UKMail-Delivery-Card-0564321.pdf
2016-01-13 07:35 - 2016-01-13 07:35 - 00325087 _____ C:\Users\maggi_000\Downloads\Invitation to Tender - ASL Market Testing project - Jan 2016.pdf
2016-01-13 01:27 - 2016-01-13 01:27 - 00006098 _____ C:\Users\stephen\Desktop\report.txt
2016-01-13 01:23 - 2016-01-13 01:23 - 00000239 _____ C:\Users\stephen\Desktop\ckfiles.txt
2016-01-13 01:22 - 2016-01-13 01:23 - 00468480 _____ () C:\Users\stephen\Desktop\CKScanner.exe
2016-01-12 22:50 - 2016-01-05 02:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-12 22:50 - 2016-01-05 02:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-12 22:50 - 2016-01-05 02:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-12 22:50 - 2016-01-05 02:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-12 22:50 - 2016-01-05 02:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-12 22:50 - 2016-01-05 02:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-12 22:50 - 2016-01-05 02:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-12 22:50 - 2016-01-05 02:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-12 22:50 - 2016-01-05 02:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-12 22:50 - 2016-01-05 02:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-12 22:50 - 2016-01-05 02:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-12 22:50 - 2016-01-05 02:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-12 22:50 - 2016-01-05 02:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-12 22:50 - 2016-01-05 02:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-12 22:50 - 2016-01-05 02:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-12 22:50 - 2016-01-05 02:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-12 22:50 - 2016-01-05 02:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-12 22:50 - 2016-01-05 02:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-12 22:50 - 2016-01-05 02:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-12 22:50 - 2016-01-05 02:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-12 22:50 - 2016-01-05 02:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-12 22:50 - 2016-01-05 02:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-12 22:50 - 2016-01-05 02:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-12 22:50 - 2016-01-05 02:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-12 22:50 - 2016-01-05 02:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-12 22:50 - 2016-01-05 02:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-12 22:50 - 2016-01-05 02:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-12 22:50 - 2016-01-05 02:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-12 22:50 - 2016-01-05 02:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-12 22:50 - 2016-01-05 02:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-12 22:50 - 2016-01-05 02:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-12 22:50 - 2016-01-05 02:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-12 22:50 - 2016-01-05 02:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-12 22:50 - 2016-01-05 02:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-12 22:50 - 2016-01-05 02:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-12 22:50 - 2016-01-05 01:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-12 22:50 - 2016-01-05 01:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-12 22:50 - 2016-01-05 01:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-12 22:50 - 2016-01-05 01:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-12 22:50 - 2016-01-05 01:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-12 22:50 - 2016-01-05 01:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-12 22:50 - 2016-01-05 01:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-12 22:50 - 2016-01-05 01:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-12 22:50 - 2016-01-05 01:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-12 22:50 - 2016-01-05 01:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-12 22:50 - 2016-01-05 01:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-12 22:50 - 2016-01-05 01:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-12 22:50 - 2016-01-05 01:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-12 22:50 - 2016-01-05 01:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-12 22:50 - 2016-01-05 01:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-12 22:50 - 2016-01-05 01:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-12 22:50 - 2016-01-05 01:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-12 22:50 - 2016-01-05 01:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-12 22:50 - 2016-01-05 01:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-12 22:50 - 2016-01-05 01:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-12 22:50 - 2016-01-05 01:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-12 22:50 - 2016-01-05 01:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-12 22:50 - 2016-01-05 01:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-12 22:50 - 2016-01-05 01:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-12 22:50 - 2016-01-05 01:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-12 22:50 - 2016-01-05 01:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-12 22:50 - 2016-01-05 01:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-12 22:50 - 2016-01-05 01:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-12 22:50 - 2016-01-05 01:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-12 22:50 - 2016-01-05 01:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-12 22:50 - 2016-01-05 01:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-12 22:50 - 2016-01-05 01:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-12 22:50 - 2016-01-05 01:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-12 22:50 - 2016-01-05 01:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-12 22:50 - 2016-01-05 01:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-12 22:50 - 2016-01-05 01:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-12 22:50 - 2016-01-05 01:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-12 22:50 - 2016-01-05 01:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-12 22:50 - 2016-01-05 01:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-12 22:50 - 2016-01-05 01:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-12 22:50 - 2016-01-05 01:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-12 22:50 - 2016-01-05 01:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-12 22:50 - 2016-01-05 01:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-12 22:50 - 2016-01-05 01:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-12 22:50 - 2016-01-05 01:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-12 22:50 - 2016-01-05 01:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-12 22:50 - 2016-01-05 01:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-12 22:50 - 2016-01-05 01:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-12 22:50 - 2016-01-05 01:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-12 22:50 - 2016-01-05 01:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-12 22:50 - 2016-01-05 01:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-12 22:50 - 2016-01-05 01:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-12 15:52 - 2016-01-12 15:52 - 00000000 ___RD C:\Sandbox
2016-01-12 15:51 - 2016-01-12 15:50 - 00000944 _____ C:\Users\stephen\Desktop\Sandboxed Web Browser.lnk
2016-01-12 15:50 - 2016-01-13 16:16 - 00001730 _____ C:\WINDOWS\Sandboxie.ini
2016-01-12 15:50 - 2016-01-12 15:50 - 08518280 _____ (Sandboxie Holdings, LLC) C:\Users\stephen\Downloads\SandboxieInstall.exe
2016-01-12 15:50 - 2016-01-12 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2016-01-12 15:50 - 2016-01-12 15:50 - 00000000 ____D C:\Program Files\Sandboxie
2016-01-12 14:40 - 2016-01-12 14:40 - 00388608 _____ (Trend Micro Inc.) C:\Users\stephen\Downloads\HijackThis(1).exe
2016-01-12 14:35 - 2016-01-12 14:35 - 00388608 _____ (Trend Micro Inc.) C:\Users\stephen\Downloads\HijackThis.exe
2016-01-12 13:42 - 2016-01-12 13:46 - 00000000 ____D C:\Users\stephen\AppData\Roaming\ImgBurn
2016-01-12 13:31 - 2016-01-12 13:31 - 00001953 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2016-01-12 13:31 - 2016-01-12 13:31 - 00001941 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2016-01-12 13:31 - 2016-01-12 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2016-01-12 13:31 - 2016-01-12 13:31 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2016-01-12 13:29 - 2016-01-12 13:30 - 03469871 _____ (LIGHTNING UK!) C:\Users\stephen\Downloads\SetupImgBurn_2.5.8.0(1).exe
2016-01-12 13:29 - 2016-01-12 13:29 - 00000000 _____ C:\Users\stephen\Downloads\SetupImgBurn_2.5.8.0.exe
2016-01-12 13:24 - 2016-01-12 13:26 - 1054867456 _____ C:\Users\stephen\Downloads\ubuntu-14.04.3-desktop-amd64.iso
2016-01-12 00:33 - 2016-01-12 00:33 - 02370560 _____ (Farbar) C:\Users\stephen\Downloads\FRST64(2).exe
2016-01-12 00:11 - 2016-01-12 00:11 - 02370560 _____ (Farbar) C:\Users\stephen\Downloads\FRST64(1).exe
2016-01-12 00:08 - 2016-01-12 00:09 - 00058014 _____ C:\Users\stephen\Documents\cc_20160112_000856.reg
2016-01-11 23:41 - 2016-01-18 15:08 - 00018334 _____ C:\Users\stephen\Downloads\FRST.txt
2016-01-11 23:41 - 2016-01-16 02:06 - 00054487 _____ C:\Users\stephen\Downloads\Addition.txt
2016-01-11 23:40 - 2016-01-18 15:08 - 00000000 ____D C:\FRST
2016-01-11 23:40 - 2016-01-11 23:40 - 02370560 _____ (Farbar) C:\Users\stephen\Downloads\FRST64.exe
2016-01-11 15:41 - 2016-01-11 15:41 - 00291534 _____ C:\Users\stephen\Documents\cc_20160111_154141.reg
2016-01-11 15:40 - 2016-01-11 15:40 - 06805440 _____ (Piriform Ltd) C:\Users\stephen\Downloads\ccsetup513.exe
2016-01-11 15:40 - 2016-01-11 15:40 - 00000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-11 15:37 - 2016-01-11 15:37 - 00001235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-11 15:37 - 2016-01-11 15:37 - 00001223 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-11 15:37 - 2016-01-11 15:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-09 11:32 - 2016-01-09 11:32 - 00668602 _____ C:\Users\maggi_000\Downloads\Important information about charges_07012016.pdf
2016-01-08 20:15 - 2016-01-08 20:15 - 01592131 _____ C:\Users\maggi_000\Downloads\interim-ll2u-leaflet-july-2015-v1a.pdf
2016-01-08 18:35 - 2016-01-08 18:35 - 00235046 _____ C:\Users\maggi_000\Downloads\bef30f_316d48295b844ad8b4980721cfe3b9a5(2).pdf
2016-01-08 18:34 - 2016-01-08 18:34 - 00235046 _____ C:\Users\maggi_000\Downloads\bef30f_316d48295b844ad8b4980721cfe3b9a5(1).pdf
2016-01-08 08:47 - 2016-01-08 08:47 - 00046069 _____ C:\Users\maggi_000\Downloads\Invoice-24191791.pdf
2016-01-07 20:17 - 2016-01-07 20:17 - 00242118 _____ C:\Users\maggi_000\Downloads\Order-24191791-Docs-080130.pdf
2016-01-07 20:17 - 2016-01-07 20:17 - 00010982 _____ C:\Users\maggi_000\Downloads\footwear-declaration.pdf
2016-01-07 19:55 - 2016-01-07 19:55 - 00309039 _____ C:\Users\maggi_000\Downloads\20150731_ReturnForm.pdf
2016-01-07 19:33 - 2016-01-16 01:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-07 07:16 - 2016-01-07 07:16 - 00055367 _____ C:\Users\maggi_000\Downloads\Your account is still overdrawn_04012016.pdf
2016-01-07 07:16 - 2016-01-07 07:16 - 00054156 _____ C:\Users\maggi_000\Downloads\Information about your overdraft charges_06012016.pdf
2016-01-07 00:33 - 2016-01-07 00:33 - 00000744 _____ C:\Users\stephen\Desktop\College 2016 - Shortcut.lnk
2016-01-06 21:54 - 2016-01-06 22:03 - 00001178 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-06 21:54 - 2016-01-06 21:55 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-06 21:54 - 2016-01-06 21:54 - 22908888 _____ (Malwarebytes ) C:\Users\stephen\Downloads\mbam-setup-2.2.0.1024(1).exe
2016-01-06 21:54 - 2016-01-06 21:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-06 21:54 - 2016-01-06 21:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-06 21:54 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-06 21:54 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-06 21:54 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-06 21:53 - 2016-01-06 21:53 - 22908888 _____ (Malwarebytes ) C:\Users\stephen\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-06 21:42 - 2016-01-06 21:42 - 03399774 _____ C:\Users\stephen\Downloads\03 Track 3(1).wma
2016-01-06 21:42 - 2016-01-06 21:42 - 02975478 _____ C:\Users\stephen\Downloads\07 Track 7(1).wma
2016-01-06 21:41 - 2016-01-06 21:41 - 04720470 _____ C:\Users\stephen\Downloads\08 Track 8(1).wma
2016-01-06 21:41 - 2016-01-06 21:41 - 02975478 _____ C:\Users\stephen\Downloads\07 Track 7.wma
2016-01-06 21:40 - 2016-01-06 21:41 - 03399774 _____ C:\Users\stephen\Downloads\03 Track 3.wma
2016-01-06 20:51 - 2016-01-06 20:51 - 05587535 _____ C:\Users\stephen\Downloads\Building_Adapta.pdf
2016-01-06 18:45 - 2016-01-06 18:45 - 04720470 _____ C:\Users\stephen\Downloads\08 Track 8.wma
2016-01-06 18:27 - 2016-01-06 18:27 - 00037954 _____ C:\Users\stephen\Downloads\excell tutorial(1).htm
2016-01-06 12:42 - 2016-01-06 22:03 - 00002649 _____ C:\Users\stephen\Desktop\Microsoft Office Project 2007.lnk
2016-01-05 23:09 - 2016-01-05 23:09 - 00280841 _____ C:\Users\stephen\Downloads\CT_Ind_-_Com_Tutorial_LO1-_2015_B(1).pdf
2016-01-05 17:32 - 2016-01-05 17:32 - 00006548 _____ C:\Users\maggi_000\Downloads\Payslip for Tax Week_40, Tax Year_2015-2016.pdf
2016-01-05 17:32 - 2016-01-05 17:32 - 00006548 _____ C:\Users\maggi_000\Downloads\Payslip for Tax Week_40, Tax Year_2015-2016(1).pdf
2016-01-04 13:00 - 2016-01-04 13:00 - 00496846 _____ C:\Users\maggi_000\Downloads\S430-0415-web.pdf
2016-01-04 11:19 - 2016-01-04 11:19 - 01693393 _____ C:\Users\maggi_000\Downloads\The_Next_Piece_2015.pdf
2016-01-04 11:18 - 2016-01-04 11:18 - 01036107 _____ C:\Users\maggi_000\Downloads\What_piece_next_poster..pdf
2016-01-03 10:44 - 2016-01-03 10:44 - 00109494 _____ C:\Users\maggi_000\Downloads\TSB-VISA-DEBIT-T-and-Cs.pdf
2016-01-03 04:52 - 2016-01-03 04:52 - 02026520 _____ (BitTorrent Inc.) C:\Users\stephen\Downloads\uTorrent.exe
2016-01-02 10:53 - 2016-01-02 10:53 - 00235046 _____ C:\Users\maggi_000\Downloads\bef30f_316d48295b844ad8b4980721cfe3b9a5.pdf
2016-01-01 11:20 - 2016-01-11 13:40 - 00002543 _____ C:\Users\maggi_000\Desktop\Kindle.lnk
2016-01-01 11:20 - 2016-01-01 14:42 - 00000000 ____D C:\Users\maggi_000\Documents\My Kindle Content
2016-01-01 11:20 - 2016-01-01 11:20 - 00000000 ____D C:\Users\maggi_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2016-01-01 11:20 - 2016-01-01 11:20 - 00000000 ____D C:\Users\maggi_000\AppData\Local\Amazon
2015-12-31 08:24 - 2015-12-31 08:24 - 00055874 _____ C:\Users\maggi_000\Downloads\Information about your overdraft charges_30122015.pdf
2015-12-29 14:54 - 2015-12-29 14:54 - 00313224 _____ C:\Users\maggi_000\Downloads\SCoDCon16 Invite V1.pdf
2015-12-27 23:33 - 2087-05-20 11:08 - 03407872 _____ C:\Users\stephen\Desktop\SPOT0000.avi
2015-12-27 12:22 - 2015-12-27 12:22 - 00838493 _____ C:\Users\maggi_000\Downloads\Calendar 1(1).pdf
2015-12-27 12:21 - 2015-12-27 12:21 - 00838493 _____ C:\Users\maggi_000\Downloads\Calendar 1.pdf
2015-12-27 12:21 - 2015-12-27 12:21 - 00054524 _____ C:\Users\maggi_000\Downloads\Street A-Z.pdf
2015-12-26 12:36 - 2015-12-26 12:36 - 00958641 _____ C:\Users\maggi_000\Downloads\Royal-Mail-UK-and-international-parcel-and-letter-prices-30-March-2015.pdf
2015-12-26 12:17 - 2015-12-26 12:17 - 00179804 _____ C:\Users\maggi_000\Downloads\20151127_ReturnForm.pdf
2015-12-25 12:54 - 2015-12-25 12:54 - 00076244 _____ C:\Users\maggi_000\Downloads\voucher_262038954.pdf
2015-12-25 12:50 - 2015-12-25 12:50 - 00110021 _____ C:\Users\maggi_000\Downloads\Groupon-75CA5F54AD.pdf
2015-12-25 12:50 - 2015-12-25 12:50 - 00110021 _____ C:\Users\maggi_000\Downloads\Groupon-75CA5F54AD(1).pdf
2015-12-22 03:11 - 2015-12-22 03:11 - 00000000 ____D C:\Users\stephen\AppData\Roaming\NBS
2015-12-21 18:27 - 2015-12-21 18:32 - 136685138 _____ C:\Users\stephen\Downloads\NBSCreate_1_5_3_08_12_15.zip
2015-12-21 17:58 - 2015-12-21 17:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NBS
2015-12-21 17:58 - 2015-12-21 17:58 - 00000000 ____D C:\Program Files (x86)\NBS
2015-12-21 17:57 - 2015-12-21 17:57 - 00000000 ____D C:\Users\stephen\Desktop\nbsCreate_1_5_3_08_12_15
2015-12-21 15:21 - 2015-12-21 15:21 - 07493736 _____ C:\Users\stephen\Downloads\eml(2)
2015-12-21 15:20 - 2015-12-21 15:20 - 07493736 _____ C:\Users\stephen\Downloads\eml(1)
2015-12-21 15:12 - 2015-12-21 15:12 - 00000000 ____D C:\Users\stephen\Documents\Autodesk Application Manager
2015-12-21 15:11 - 2015-12-21 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk ReCap 2016
2015-12-21 15:10 - 2015-12-21 15:10 - 00000133 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2015-12-21 15:05 - 2015-12-21 15:05 - 16873592 _____ C:\Users\stephen\Downloads\AutoCAD_2016_English_Win_64bit_r1_wi_en-us_Setup.exe
2015-12-21 15:05 - 2015-12-21 15:05 - 00338296 _____ (Autodesk Inc.) C:\Users\stephen\Downloads\AutoCAD_2016_English_Win_64bit_r1_wi_en-us_Setup_webinstall.exe
2015-12-21 12:01 - 2015-12-21 12:01 - 00608096 _____ C:\Users\maggi_000\Downloads\Is_Scotland_Fair_Enough(1).pdf
2015-12-21 11:49 - 2015-12-21 11:49 - 01045966 _____ C:\Users\maggi_000\Downloads\Health_and_Homelessness_Report_2015_final_(3).pdf
2015-12-21 11:49 - 2015-12-21 11:49 - 01045966 _____ C:\Users\maggi_000\Downloads\Health_and_Homelessness_Report_2015_final_(2).pdf
2015-12-21 11:43 - 2015-12-21 11:44 - 06803438 _____ C:\Users\maggi_000\Downloads\Argyll & Bute HSCP Strategic Plan Consultation - Main Report.pdf
2015-12-20 18:43 - 2015-12-20 18:43 - 00135939 _____ C:\Users\maggi_000\Downloads\GHN Staffing Structure Nov 2015.pdf
2015-12-20 18:09 - 2015-12-20 18:09 - 01045966 _____ C:\Users\maggi_000\Downloads\Health and Homelessness Report 2015 (final).pdf
2015-12-20 16:23 - 2016-01-06 22:03 - 00001978 _____ C:\Users\stephen\Desktop\Install Now Autodesk® AutoCAD® 2015.lnk
2015-12-20 16:22 - 2015-12-20 16:22 - 14934512 _____ C:\Users\stephen\Downloads\AutoCAD_2015_English_Win_32_64bit_Trial_wi_en-us_Setup.exe
2015-12-20 16:22 - 2015-12-20 16:22 - 00338320 _____ (Autodesk Inc.) C:\Users\stephen\Downloads\AutoCAD_2015_English_Win_32_64bit_Trial_wi_en-us_Setup_webinstall.exe
2015-12-20 16:20 - 2015-12-20 16:20 - 00338296 _____ (Autodesk Inc.) C:\Users\stephen\Downloads\AutoCAD_2014_English_Win_32_64bit_wi_en-us_Setup_webinstall(1).exe
2015-12-20 16:17 - 2015-12-21 15:06 - 00000000 ____D C:\Users\stephen\AppData\Local\Akamai
2015-12-20 16:16 - 2015-12-20 16:21 - 10934800 _____ C:\Users\stephen\Downloads\AutoCAD_2014_English_Win_32_64bit_wi_en-us_Setup.exe
2015-12-20 16:16 - 2015-12-20 16:16 - 00338296 _____ (Autodesk Inc.) C:\Users\stephen\Downloads\AutoCAD_2014_English_Win_32_64bit_wi_en-us_Setup_webinstall.exe
2015-12-20 14:44 - 2015-12-20 14:44 - 00084446 _____ C:\Users\maggi_000\Downloads\Annex 1 - List of eligible Commonwealth Foundation member countries.pdf
2015-12-20 14:23 - 2015-12-20 14:24 - 03743168 _____ C:\Users\maggi_000\Downloads\Draft 23.pdf
2015-12-20 11:22 - 2015-12-20 11:22 - 01045966 _____ C:\Users\maggi_000\Downloads\Conference Report GHN 2015 FINAL.pdf
2015-12-20 10:57 - 2015-12-20 10:57 - 01045966 _____ C:\Users\maggi_000\Downloads\Health_and_Homelessness_Report_2015_final_(1).pdf
2015-12-20 10:45 - 2015-12-20 10:45 - 01045966 _____ C:\Users\maggi_000\Downloads\Health_and_Homelessness_Report_2015_final_.pdf
2015-12-20 00:19 - 2015-12-20 00:40 - 102691212 _____ (Aslain ) C:\Users\stephen\Downloads\Aslains_XVM_WoT_Modpack_Installer_v.9.13.07.exe
2015-12-19 21:02 - 2015-12-19 21:02 - 00037954 _____ C:\Users\stephen\Downloads\excell tutorial.htm
2015-12-19 15:57 - 2016-01-06 12:47 - 00561682 _____ C:\Users\stephen\Desktop\CT_Ind_-_Com_Tutorial_LO1-_2015_B.pdf
2015-12-19 15:56 - 2015-12-19 15:56 - 00280841 _____ C:\Users\stephen\Downloads\CT_Ind_-_Com_Tutorial_LO1-_2015_B.pdf
2015-12-19 14:06 - 2015-12-19 14:07 - 02641949 _____ C:\Users\maggi_000\Downloads\Argyll & Bute Strategic Plan Consultation - Complete Report (small).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-18 14:47 - 2015-10-30 07:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-18 14:47 - 2015-08-11 11:25 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-18 14:46 - 2015-10-05 21:26 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-18 14:46 - 2014-06-15 10:28 - 00000000 __RDO C:\Users\maggi_000\OneDrive
2016-01-18 14:41 - 2014-06-07 14:06 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-18 14:36 - 2015-10-05 21:26 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-18 09:22 - 2015-05-22 18:59 - 00000000 ____D C:\ProgramData\WinCalendarV4
2016-01-18 02:41 - 2015-02-21 14:00 - 00000000 ____D C:\Users\stephen\AppData\Roaming\TS3Client
2016-01-18 02:00 - 2014-07-19 10:51 - 00000000 ____D C:\Users\stephen\AppData\Local\Adobe
2016-01-17 19:12 - 2015-07-20 18:09 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-17 19:12 - 2015-07-20 18:09 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-17 14:14 - 2014-06-15 10:50 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AF793571-E11C-48A3-B5C9-1D59E4B08831}
2016-01-17 07:42 - 2015-12-10 04:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-17 07:42 - 2015-12-10 03:56 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-17 03:09 - 2015-03-23 22:26 - 00000000 ____D C:\Users\stephen\AppData\Roaming\vlc
2016-01-16 22:50 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-16 11:17 - 2014-07-19 10:50 - 00000000 ____D C:\Users\maggi_000\AppData\Local\Adobe
2016-01-16 02:06 - 2015-10-30 06:28 - 00000000 ____D C:\Windows
2016-01-16 01:58 - 2015-10-30 06:28 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-01-16 01:58 - 2015-06-25 07:36 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-16 01:58 - 2015-05-09 15:06 - 00000000 ____D C:\Users\stephen\AppData\LocalLow\Temp
2016-01-16 01:54 - 2014-06-10 16:43 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B1A324D8-A069-4CDA-8F5D-86DAF40AA30B}
2016-01-16 01:46 - 2015-04-06 08:48 - 00000000 ____D C:\AdwCleaner
2016-01-15 21:58 - 2015-10-30 07:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-14 22:52 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-01-14 22:49 - 2015-12-08 02:41 - 00000000 ____D C:\Users\stephen\AppData\Local\AvgSetupLog
2016-01-14 22:49 - 2014-09-24 17:42 - 00000000 ____D C:\ProgramData\AVG
2016-01-14 22:48 - 2014-09-24 17:46 - 00000000 ____D C:\Users\stephen\AppData\Local\Avg
2016-01-14 22:48 - 2014-09-05 20:51 - 00000000 ____D C:\ProgramData\MFAData
2016-01-14 22:45 - 2015-10-30 07:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-01-14 21:52 - 2014-08-18 09:13 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3A0A23C3-EEE7-4D3A-958A-5A37272D507E}
2016-01-14 19:35 - 2015-10-30 06:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-14 01:15 - 2015-05-27 13:33 - 00003952 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1432733584
2016-01-14 01:15 - 2015-05-27 13:33 - 00001127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-01-14 01:15 - 2015-05-27 13:32 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-14 01:05 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-01-13 12:40 - 2015-08-14 18:18 - 00000000 ____D C:\Users\cmcga_000\AppData\Local\Comms
2016-01-13 11:13 - 2014-08-17 17:11 - 00000000 ____D C:\Users\cmcga_000\AppData\Local\Packages
2016-01-13 00:41 - 2014-06-27 22:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 00:41 - 2014-06-27 22:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 00:40 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-12 23:10 - 2015-11-26 19:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-12 23:10 - 2015-02-01 02:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-01-12 23:10 - 2014-06-27 22:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-12 23:09 - 2015-10-30 07:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-12 23:08 - 2014-06-12 00:18 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-12 23:06 - 2014-06-12 00:18 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-12 06:58 - 2015-12-10 03:57 - 00000000 ____D C:\Users\maggi_000
2016-01-12 06:58 - 2015-12-10 03:57 - 00000000 ____D C:\Users\cmcga_000
2016-01-12 00:01 - 2015-11-26 19:23 - 00000000 ____D C:\Program Files\Microsoft Office
2016-01-12 00:01 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-01-12 00:01 - 2014-09-10 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-01-12 00:01 - 2014-09-10 16:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2016-01-11 15:42 - 2014-06-07 11:05 - 00000000 ____D C:\Users\stephen\AppData\Local\Packages
2016-01-11 13:25 - 2015-12-10 03:57 - 00000000 ____D C:\Users\stephen
2016-01-08 18:33 - 2014-09-14 11:10 - 00186016 _____ C:\Users\maggi_000\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-07 19:08 - 2014-06-16 08:13 - 00000551 _____ C:\Users\maggi_000\Desktop\our nos.txt
2016-01-07 00:03 - 2014-10-06 09:00 - 00000000 ____D C:\Users\cmcga_000\AppData\Local\Avg
2016-01-07 00:03 - 2014-09-25 06:56 - 00000000 ____D C:\Users\maggi_000\AppData\Local\Avg
2016-01-06 22:03 - 2015-12-10 04:00 - 00001552 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-06 22:03 - 2015-10-05 21:26 - 00002240 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-01-06 22:03 - 2015-10-05 11:31 - 00001136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2016-01-06 22:03 - 2015-09-29 18:26 - 00001205 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS4.lnk
2016-01-06 22:03 - 2015-09-29 18:25 - 00001524 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Drive CS4.lnk
2016-01-06 22:03 - 2015-09-29 18:25 - 00001179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk
2016-01-06 22:03 - 2015-09-29 18:22 - 00001491 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
2016-01-06 22:03 - 2015-09-29 18:22 - 00001363 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS4.lnk
2016-01-06 22:03 - 2015-08-11 17:41 - 00002533 _____ C:\Users\stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-01-06 22:03 - 2015-05-02 16:00 - 00000992 _____ C:\Users\stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-01-06 22:03 - 2015-04-16 17:14 - 00000690 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\leafDrums 2.lnk
2016-01-06 22:03 - 2014-09-10 16:56 - 00002619 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Open Office Document.lnk
2016-01-06 22:03 - 2014-09-10 16:56 - 00002609 _____ C:\ProgramData\Microsoft\Windows\Start Menu\New Office Document.lnk
2016-01-06 22:03 - 2014-07-28 11:48 - 00001062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
2016-01-06 22:03 - 2014-07-22 09:45 - 00002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2016-01-06 22:03 - 2014-07-19 10:53 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-01-06 22:02 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\PLA
2016-01-06 21:46 - 2015-12-10 03:55 - 00000000 ___DC C:\WINDOWS\Panther
2016-01-05 19:23 - 2014-09-15 12:11 - 00186016 _____ C:\Users\stephen\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-05 06:26 - 2015-12-10 03:55 - 03184824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-05 06:24 - 2015-10-30 18:08 - 00000000 ____D C:\WINDOWS\ShellNew
2016-01-03 01:40 - 2015-10-30 07:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-03 01:40 - 2015-10-30 07:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 05:41 - 2014-12-03 20:59 - 00000482 _____ C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
2016-01-01 11:31 - 2014-06-15 10:26 - 00000000 ____D C:\Users\maggi_000\AppData\Roaming\Adobe
2015-12-30 03:19 - 2014-07-05 10:05 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-12-30 03:19 - 2014-06-28 08:39 - 00000000 ____D C:\Users\stephen\AppData\Roaming\Autodesk
2015-12-30 03:19 - 2014-06-28 08:39 - 00000000 ____D C:\ProgramData\Autodesk
2015-12-30 03:18 - 2015-02-01 02:09 - 00000000 ____D C:\Users\stephen\AppData\Local\Microsoft Help
2015-12-29 05:41 - 2014-06-07 14:06 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-21 15:21 - 2015-12-16 19:46 - 07493736 _____ C:\Users\stephen\Desktop\Re_ HND Building Surveying Year 2 Graded Unit.eml
2015-12-21 15:12 - 2014-06-28 08:47 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2015-12-21 15:12 - 2014-06-28 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-12-21 15:12 - 2014-06-05 10:43 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-21 15:10 - 2014-06-28 08:47 - 00000000 ____D C:\Users\Public\Documents\Autodesk
2015-12-21 15:08 - 2015-02-26 23:01 - 00000000 ____D C:\Program Files\Autodesk
2015-12-21 15:05 - 2015-02-26 22:58 - 00000000 ____D C:\Autodesk
2015-12-19 04:43 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-19 04:43 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\bcastdvr

==================== Files in the root of some directories =======

2015-11-09 12:48 - 2015-11-09 12:48 - 0219654 _____ () C:\Users\stephen\AppData\Local\ars.cache
2015-11-09 12:48 - 2015-11-09 12:48 - 0516250 _____ () C:\Users\stephen\AppData\Local\census.cache
2015-11-09 12:41 - 2015-11-09 12:41 - 0000036 _____ () C:\Users\stephen\AppData\Local\housecall.guid.cache
2014-06-08 11:28 - 2015-09-08 23:02 - 0007601 _____ () C:\Users\stephen\AppData\Local\Resmon.ResmonCfg
2015-11-09 12:46 - 2015-11-09 12:46 - 0000010 _____ () C:\Users\stephen\AppData\Local\sponge.last.runtime.cache
2015-12-10 03:56 - 2015-12-10 03:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-06-28 08:42 - 2014-06-28 08:42 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-12-21 15:10 - 2015-12-21 15:10 - 0000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-14 08:26

==================== End of FRST.txt ============================
Blazinby
Regular Member
 
Posts: 18
Joined: January 11th, 2016, 7:46 pm
Advertisement
Register to Remove

Re: finish off malware removal

Unread postby capnkrunch » January 18th, 2016, 8:18 pm

Warning!
The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Hello Blazinby and welcome back to the Malware Removal Forums :)

I'll be helping you to finish the cleaning process. As a reminder I'm an Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher, because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we begin, I'd like to remind you of the rules I laid out last time so things will proceed smoothly.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  • You must have Administrator rights, permissions for this computer.
  • DO NOT run any other fix or removal tools unless instructed to do so.
  • DO NOT install any other software (or hardware) during the cleaning process.
  • Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  • Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  • Only reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean".
    Remember, absence of symptoms does mean the infection is all gone.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Failure to respond for 3 days, will result in your topic being closed.

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care, not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


For your safety and protection, I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to backup any files with the following file extensions:
exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

I need to see an Addition.txt log from FRST.

FRST Scan
  • FRST64.exe should still be in your Downloads folder. If not please download it HERE.
  • Close all open programs and windows.
  • Right click FRST64.exe and select Run as administrator.
  • Under Optional Scan check Addition.txt.
  • Press the Scan button and wait while the scan finishes.
  • Once finished, two files will open: FRST.txt and Addition.txt. Please post only Addition.txt in your reply.
    The log can also be found in the same directory where FRST was run from.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • Addition.txt
  • Are there any changes in computer behavior?
User avatar
capnkrunch
MRU Master
MRU Master
 
Posts: 793
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: finish off malware removal

Unread postby Blazinby » January 18th, 2016, 10:19 pm

Hey :)

the instructions were clear

PC seems to be running better and no browser Hijacker obvious

thank you so much for your help (again)

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by stephen (2016-01-19 02:15:19)
Running from C:\Users\stephen\Downloads
Windows 10 Home (X64) (2015-12-10 04:06:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3488279127-63086370-3813774398-500 - Administrator - Disabled)
cmcga_000 (S-1-5-21-3488279127-63086370-3813774398-1005 - Limited - Enabled) => C:\Users\cmcga_000
DefaultAccount (S-1-5-21-3488279127-63086370-3813774398-503 - Limited - Disabled)
Guest (S-1-5-21-3488279127-63086370-3813774398-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3488279127-63086370-3813774398-1003 - Limited - Enabled)
maggi_000 (S-1-5-21-3488279127-63086370-3813774398-1004 - Limited - Enabled) => C:\Users\maggi_000
stephen (S-1-5-21-3488279127-63086370-3813774398-1001 - Administrator - Enabled) => C:\Users\stephen

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version: - )
A360 Desktop (HKLM\...\{B209E611-5511-4AD6-B4B3-9D36F93DBCD4}) (Version: 6.0.3.1100 - Autodesk)
ACA & MEP 2016 Object Enabler (Version: 7.8.41.0 - Autodesk) Hidden
ACAD Private (Version: 20.1.49.0 - Autodesk) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe InDesign CS4 (HKLM-x32\...\Adobe_1710d324011afc3e7658e969025f4ba) (Version: 6.0 - Adobe Systems Incorporated)
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF iFilter 11 for 64-bit platforms (HKLM\...\{BA5C0CC3-421B-4AE5-9370-1650D1941F30}) (Version: 11.0.00 - Adobe)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0.1 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Aslain's XVM WoT Modpack version 9.13.07 (HKLM-x32\...\ZRwTINhSZfduKONYrSCTiCiGPggQZdcLRvoAVxyCOXXpkHeC~1DC3968F_is1) (Version: 9.13.07 - Aslain)
AutoCAD 2014 - English (Version: 19.1.108.1 - Autodesk) Hidden
AutoCAD 2014 - English (Version: 19.1.42.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - English (Version: 19.1.42.0 - Autodesk) Hidden
AutoCAD 2016 - English (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (Version: 20.1.107.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - English (Version: 20.1.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.9 - Autodesk)
Autodesk AutoCAD 2014 - English SP1 (HKLM\...\AutoCAD 2014 - English SP1) (Version: 1 - Autodesk)
Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD 2016 SP 1 (HKLM\...\AutoCAD 2016 SP1) (Version: 20.1.107.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk ReCap 2016 (HKLM\...\Autodesk ReCap 2016) (Version: 1.5.0.33 - Autodesk)
Autodesk ReCap 2016 (Version: 1.5.0.33 - Autodesk) Hidden
Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version: - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.9.1.1175 - Steinberg Media Technologies GmbH)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version: - Bethesda Game Studios)
Fallout 3 (HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
FARO LS 1.1.503.3 (64bit) (HKLM-x32\...\{1C05E654-FB81-4274-BF32-292E3707701D}) (Version: 5.3.3.38662 - FARO Scanner Production)
GanttProject (HKLM-x32\...\GanttProject) (Version: - )
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Homeworld Remastered Collection (HKLM-x32\...\Steam App 244160) (Version: - Gearbox Software)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
leafdigital leafDrums 2.1 (HKLM-x32\...\leafDrums2) (Version: - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)
Media Go (HKLM-x32\...\{65256C0D-3FE7-4D2E-BB3E-53F1175481C8}) (Version: 3.0.403 - Sony)
Media Go Network Downloader (HKLM-x32\...\{C52148B9-19E0-433A-9422-3451B1BEE20F}) (Version: 1.6.01.0 - Sony)
Media Go Video Playback Engine 2.20.107.05220 (HKLM-x32\...\{7348D0F2-3DAC-0BE7-4E7C-64844D2E3CA9}) (Version: 2.20.107.05220 - Sony)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM-x32\...\Office15.PRJPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 43.0.4 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-GB)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NBS Create (HKLM-x32\...\{A0AF8432-76A3-4269-86A8-15E2CA9ACC5C}) (Version: 1.05.0003 - NBS)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 352.86 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.7.4.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.7.4.10 - NVIDIA Corporation)
NVIDIA Graphics Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 352.86 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 352.86 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Opera Stable 34.0.2036.47 (HKLM-x32\...\Opera 34.0.2036.47) (Version: 34.0.2036.47 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Sandboxie 5.06 (64-bit) (HKLM\...\Sandboxie) (Version: 5.06 - Sandboxie Holdings, LLC)
SHIELD Streaming (Version: 4.1.0240 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.7.4.10 - NVIDIA Corporation) Hidden
Should I Remove It (HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
SmartDraw 2010 (HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\SmartDraw 2010) (Version: - )
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.15.16.201511171525 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.297 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.297 - Sony)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Steinberg Cubase LE AI Elements 6 64bit (HKLM\...\{8EEEB23E-A3EB-44A4-AEE9-D2FD6F96E4A0}) (Version: 6.0.3 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 1.5.2 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content for Cubase LE AI Elements (HKLM-x32\...\{CF45002F-2205-4116-BB51-2D015F436CAC}) (Version: 1.5.2.000 - Steinberg Media Technologies GmbH)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Thunder Master v2.4 (HKLM-x32\...\{EE04522C-0814-4B63-AE57-0B63E5A355BB}_is1) (Version: 2.4.0.0 - Palit Microsystems Ltd.)
Update for Skype for Business 2015 (KB3114502) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PRJPRO_{B4DBD8FE-927A-4BAF-9158-D71D2EE4C00F}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.6 - Ubisoft)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft)
WinCalendar V4 (HKLM-x32\...\WinCalendar V4) (Version: 4.31 - Sapro Systems)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
World of Tanks (HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3488279127-63086370-3813774398-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\stephen\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3488279127-63086370-3813774398-1001_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> D:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3488279127-63086370-3813774398-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {0FBB4C60-A94D-48A5-BAD7-5625DDF2A7D0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {18FCD4A7-8F8B-463C-93F0-201D321FE4D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-05] (Google Inc.)
Task: {22035EC3-B8F7-4417-8EC2-BC09E3337876} - System32\Tasks\Opera scheduled Autoupdate 1432733584 => C:\Program Files (x86)\Opera\launcher.exe [2016-01-08] (Opera Software)
Task: {2E599E7B-8934-48F7-BE8F-E50B24D2FBD1} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {30DF0F10-D2C7-4F42-A8B6-1BE45573F78E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {4707EC9C-7E36-453E-94E7-E5BA2AF786F0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-12] (Microsoft Corporation)
Task: {4C503F55-2E5F-4B0B-AC2B-B07C9919555F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {515957AE-8084-4613-AAB3-7CCAA5426F5D} - System32\Tasks\{3B00E05A-55A2-420D-AB18-BDBC1D5086E0} => pcalua.exe -a E:\Setup.now.exe -d E:\
Task: {61278F75-ACB1-49D1-9937-E27748F0BCB1} - System32\Tasks\{7BEE6A47-035C-4DE7-819A-FF8321383B81} => pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" -c scenario=install baseurl="C:\Program Files\Microsoft Office 15" platform=x86 version=15.0.4641.1003 culture=en-us productstoremove=ProPlusRetail_en-us_x-none
Task: {8D469930-866F-4944-B9D7-40DEA54E9A91} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {8DFBE616-7074-45BE-ABA7-925981AC24F3} - System32\Tasks\ShouldIRemoveIt_Notifications => D:\Program Files (x86)\Reason\Should I Remove It\ShouldIRemoveIt.exe [2014-09-03] (Reason Software Company Inc.)
Task: {908DF050-EC73-490D-A3CC-FABDA32F6478} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {944B75A4-B30B-451B-914F-0F05E7C19F46} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {9A2CAD55-E9F0-4E2B-996D-9E5B38367C48} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09] (Oracle Corporation)
Task: {B11FD346-80A8-494A-B4D9-5D7D5E80E52B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-05] (Google Inc.)
Task: {B43A6A22-E00B-4A44-B733-CE686A2C6049} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {CF01CF38-7BB2-44AC-B841-4B43F49DED1B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {CF3CF60B-F2E7-4DFE-9DAE-D666E7D3E908} - System32\Tasks\{F2FF3EB3-E05D-4702-BE9E-403B588482E6} => pcalua.exe -a D:\leafDrums233.exe -d D:\
Task: {D4F4507B-BAE8-438E-A3DD-E735401AC9E0} - System32\Tasks\SDMsgUpdate (TE) => C:\Program Files (x86)\SmartDraw 2010\Messages\SDNotify.exe [2009-07-08] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exeX-PTE -V1812 -SSDU.ini -A -Mhxxp:/www.smartdraw.com/msgs/messagecheck.asp

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 07:17 - 2015-10-30 07:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-12-10 03:56 - 2014-01-28 03:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2015-02-01 02:03 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-30 07:18 - 2015-10-30 07:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-10 03:56 - 2015-08-07 00:24 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-10 03:53 - 2015-12-10 03:53 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-10 03:53 - 2015-12-10 03:53 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-11 18:02 - 2015-09-11 18:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-10-28 10:09 - 2015-09-01 16:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-01-12 22:50 - 2016-01-05 01:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-12 22:50 - 2016-01-05 01:24 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-18 10:50 - 2015-12-07 04:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 10:50 - 2015-12-07 04:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-18 10:50 - 2015-12-07 04:00 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-01-12 22:50 - 2016-01-05 01:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 22:50 - 2016-01-05 01:24 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-01-12 22:50 - 2016-01-05 01:26 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-10 08:49 - 2015-12-10 08:49 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-12-10 08:49 - 2015-12-10 08:49 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-20 08:12 - 2015-11-20 08:12 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-12-21 15:12 - 2015-11-17 02:33 - 00103968 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2015-12-21 15:12 - 2015-11-17 02:33 - 00055328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2015-12-10 03:56 - 2016-01-17 07:42 - 00032768 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2015-12-10 03:56 - 2014-01-28 03:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2014-03-20 10:43 - 2014-03-20 10:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-02-25 15:02 - 2015-11-12 18:39 - 00012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2016-01-16 01:58 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3488279127-63086370-3813774398-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "MouseDriver"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Autodesk Sync"
HKLM\...\StartupApproved\Run: => "XMouseButtonControl"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "AdobeCS4ServiceManager"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKLM\...\StartupApproved\Run32: => "WinCalendar V4"
HKLM\...\StartupApproved\Run32: => "AdVPN"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.1.lnk"
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\StartupApproved\Run: => "KiesAirMessage"
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\StartupApproved\Run: => "Autodesk Sync"
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\StartupApproved\Run: => "Sony PC Companion"
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\StartupApproved\Run: => "Browser Extensions"
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\StartupApproved\Run: => "Search Protection"
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\StartupApproved\Run: => "WinCalendar V4"
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\StartupApproved\Run: => "NvLedServiceHost"
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\StartupApproved\Run: => "AdobeBridge"
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\StartupApproved\Run: => "uTorrent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7CBC7956-1BA8-43BB-A74E-EB6172252448}] => (Allow) C:\Users\stephen\Desktop\Microsoft Toolkit.exe
FirewallRules: [{E553DA61-5AD2-4E9F-B418-F72D4E4B83D4}] => (Allow) C:\Users\stephen\Desktop\Microsoft Toolkit.exe
FirewallRules: [{6F4B3880-2897-4AEA-A358-46E07766FA8E}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{B38FB37B-D48E-40AA-AA53-48B4041F7265}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{2EF60B3C-ACC3-404A-A9EC-E7989FC61FFE}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{1CB05E20-B104-4166-B71C-AC6B936C1D08}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{9374BA96-BE7D-4883-AFBF-8C441F8D79D5}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{91DD439C-6FA0-4000-8DA5-59D42FCCAC3F}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{24125DD9-AA1F-49BE-A6A0-FFBF6CC28DD2}] => (Allow) LPort=5353
FirewallRules: [{9AC77051-544D-4777-BE1E-98353290DB15}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E001E44F-22D6-47DF-A714-A062EB080BE0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{068EF7EC-734F-4A69-9BBD-15CC692D546B}] => (Allow) D:\SteamLibrary\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{EF024DDE-6383-4686-B215-85076290742A}] => (Allow) D:\SteamLibrary\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{BA69AFF2-69F8-46E5-9BE5-F03AF5825338}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [{557B27C5-7826-46B4-95FE-8BD57B9EE0EE}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [{6394831C-02BF-4287-930B-FC4D275A7934}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{098645C1-557F-44BB-B643-751CCFCAFD17}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [TCP Query User{C2FC2D3A-4262-4D1E-BA2E-DC1B429550B0}C:\users\maggi_000\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\maggi_000\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{8FB2C83A-E066-43BA-8787-362A7378B086}C:\users\maggi_000\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\maggi_000\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{4D9CD4CE-45CD-46B5-B923-44C8157241BB}C:\users\maggi_000\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\maggi_000\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{B9A97A59-FD91-4C84-80AD-ED932079DE84}C:\users\maggi_000\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\maggi_000\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{2255D6C3-EE6E-437E-82AD-A6D7ABCD5EAB}D:\games\world_of_tanks\worldoftanks.exe] => (Allow) D:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{890ADF07-6BCD-414F-89AA-63D1A3008C4C}D:\games\world_of_tanks\worldoftanks.exe] => (Allow) D:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{E2230686-AB58-4AA0-B085-9DC67919B8DD}D:\program files (x86)\ubisoft\ubisoft game launcher\games\watch_dogs\bin\watch_dogs.exe] => (Allow) D:\program files (x86)\ubisoft\ubisoft game launcher\games\watch_dogs\bin\watch_dogs.exe
FirewallRules: [UDP Query User{E1E613BE-AE79-4F84-BC01-56C5CE0F67CF}D:\program files (x86)\ubisoft\ubisoft game launcher\games\watch_dogs\bin\watch_dogs.exe] => (Allow) D:\program files (x86)\ubisoft\ubisoft game launcher\games\watch_dogs\bin\watch_dogs.exe
FirewallRules: [TCP Query User{93384D67-8F48-4BFB-A704-A16D6EC6F66C}D:\games\world_of_tanks\wotlauncher.exe] => (Allow) D:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{8D9A6708-CA59-4240-9954-1CC8F326C7D6}D:\games\world_of_tanks\wotlauncher.exe] => (Allow) D:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [{5315D542-B684-40BC-9455-D99A1B928CA6}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{5031D340-6BB7-4737-B461-6C2244AB1B17}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{A076CE23-C7DB-42B6-9F7B-5A7173877963}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{DBE3E056-EADD-488D-BB1D-1779A7F628AE}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{3F21404F-EC71-4D57-AD52-299FDEA0EA71}] => (Allow) D:\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [{7486BC65-D078-4038-AFBE-402256FBEE28}] => (Allow) D:\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [{632DC639-2249-4DD6-B372-490DF9B3E189}] => (Allow) D:\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{43B37AC3-22C7-475D-9053-7605FA86C0E0}] => (Allow) D:\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{CC41A8E8-3954-403D-B394-4C5F427EEDAF}] => (Allow) D:\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{A84A0001-59E7-4CA7-AC90-096ED32B26EB}] => (Allow) D:\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [TCP Query User{639B8B9F-5FAB-4E9B-9A1C-0A1CFA28042C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{209E4CB4-1A55-46F0-8424-408605D10BEF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{F2321D11-B5D4-47DE-BAD4-216E489A1267}] => (Allow) D:\Steam\SteamApps\common\Homeworld\HWLauncher\Launcher.exe
FirewallRules: [{FC0A709D-5515-4E38-B0E8-969E75B285A4}] => (Allow) D:\Steam\SteamApps\common\Homeworld\HWLauncher\Launcher.exe
FirewallRules: [{A361AE83-6FDB-4802-98B9-7CE0AD3F71F2}] => (Allow) D:\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{DE470DEB-2C15-4ABE-A21C-105595FC022E}] => (Allow) D:\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{2A71F814-A5F1-430C-8D2B-AA8597A0366D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F764B9C8-2AD1-464C-8493-59B009595829}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{99FD8412-B44E-4C94-A701-01D404AFE09B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{7210F895-BB87-4A53-BBB4-8C64AA5EA79B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8DC7D9E8-38AC-4A62-A46B-1E522DE7B3AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C2CE4B41-79A2-4B83-A8A0-BBD76D892A90}] => (Allow) D:\Steam\SteamApps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{6387A010-1852-4255-8AC7-353FA14720C1}] => (Allow) D:\Steam\SteamApps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [TCP Query User{FCB16392-02A0-4C5E-893D-DE942B3B38F6}C:\users\stephen\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\stephen\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{1BC21281-8C6D-467E-91EA-6399F4687AA3}C:\users\stephen\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\stephen\appdata\local\akamai\netsession_win.exe
FirewallRules: [{5C259770-F980-4729-AC51-D6F946DBA4F7}] => (Allow) LPort=50248
FirewallRules: [{B978696B-8CD5-4D29-B5C9-0F471F7397AF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{209C0677-1645-49D1-A58C-329A60652A50}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

18-01-2016 08:41:10 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2016 08:41:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/17/2016 07:11:47 PM) (Source: MsiInstaller) (EventID: 1024) (User: MAGGIE)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5800}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (01/17/2016 07:55:30 AM) (Source: MsiInstaller) (EventID: 1024) (User: Maggie)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5800}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (01/16/2016 08:33:37 PM) (Source: MsiInstaller) (EventID: 1024) (User: MAGGIE)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5800}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (01/16/2016 07:32:21 AM) (Source: MsiInstaller) (EventID: 1024) (User: Maggie)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5800}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (01/16/2016 02:13:34 AM) (Source: MsiInstaller) (EventID: 1024) (User: MAGGIE)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5800}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (01/16/2016 01:58:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/16/2016 01:58:25 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {ce9293b9-b5e3-4422-a746-a370a21bb819}

Error: (01/15/2016 10:05:27 PM) (Source: MsiInstaller) (EventID: 1024) (User: MAGGIE)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5800}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (01/15/2016 07:52:51 AM) (Source: MsiInstaller) (EventID: 1024) (User: Maggie)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5800}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (01/18/2016 02:49:46 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (01/18/2016 02:46:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_2f8f2e3 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/18/2016 02:46:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_2f8f2e3 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/18/2016 02:46:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_2f8f2e3 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/18/2016 02:46:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_2f8f2e3 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/18/2016 02:46:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/18/2016 06:28:38 AM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (01/18/2016 06:28:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_1d3e07d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/18/2016 06:28:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_1d3e07d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/18/2016 06:28:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_1d3e07d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2016-01-18 09:22:53.186
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-18 09:22:53.181
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-18 09:22:53.175
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-18 09:22:52.759
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-18 07:54:33.900
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-18 07:54:33.895
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-18 07:54:33.889
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-18 07:54:32.780
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-18 07:54:32.725
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-18 07:54:32.601
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 14%
Total physical RAM: 16326.05 MB
Available physical RAM: 13974.69 MB
Total Virtual: 18758.05 MB
Available Virtual: 16116.19 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:104.33 GB) (Free:18.94 GB) NTFS
Drive d: () (Fixed) (Total:931.39 GB) (Free:749.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 4BFB80C9)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
Blazinby
Regular Member
 
Posts: 18
Joined: January 11th, 2016, 7:46 pm

Re: finish off malware removal

Unread postby capnkrunch » January 19th, 2016, 7:08 pm

Hello Blazinby :)

Blazinby wrote:thank you so much for your help (again)

You're welcome.

Blazinby wrote:PC seems to be running better and no browser Hijacker obvious

Good to hear, there are still have some things to take care of however.

Out of Date Antivirus Warning
It looks like you were able to remove AVG like I requested and Windows Defender is now active. However, it appears that Windows Defender is out of date. It is essential for antivirus software to be fully up to date or you will be missing protection from the latest threats. Before we do anything else we need to make sure Windows Defender is up to date.

Step one...

Update Windows Defender
  • Click Start then click Settings.
  • Click Update & Security and then select Windows Defender in the left-hand pane.
  • Scroll down to the Version Info at the bottom and click Use Windows Defender.
  • Click on the Update tab.
  • At the top of this tab you will see Virus and spyware definitions:. Please let me know what it says after that.
  • Click the Update button.
  • Windows Defender will check for updates and download them if available.
  • You can now exit the Windws Defender program

Important! If the definitions were out of date and you were unable to update them do not proceed. Please let me know and I will provide addition instructions.

Step two...

Create a System Restore Point
  • Click on Start.
  • Type Create a restore point into the search box and select it from the results.
  • From the Available Drives list select the Windows drive. It will be the one that says (System) after it.
  • Click on Create.
  • Type precleanup into the textbox and click Create.
  • Once it is finished click Close

Step three...

If looks like there are still startup items disabled with MSConfig. MSConfig is meant only for temporary troubleshooting and not as a permanent startup management solution so it is important that we reenable these items.

Reenable Items With MSConfig
  • Press the Windows Key + R.
  • Type msconfig.exe into the text box and click OK.
  • Check Normal startup and click OK.
  • You will be prompted to restart your computer. Click Restart.
  • Repeat this process for all users on your machine.
Note: if Normal Startup is already checked that is OK. Proceed with the rest of the steps and let me know in your reply.

Step four...

Uninstall Programs
  • Press the Windows Key + R.
  • Enter appwiz.cpl into the text box and click OK.
  • Locate the following programs:
    Adobe AIR
    McAfee Security Scan Plus
  • Press the Uninstall or Uninstall/Change button and carefully follow any prompts to uninstall the program.
    • Take care to read through any prompts completely! Some uninstallers may attempt to trick you into keeping the program.
    • Do this for every program listed.
    • Don't worry if you can't find one of the programs. Just be sure to let me know in your reply.
  • Once finished reboot your computer.

Step five...

Show Hidden Files and Folders
  • Click Start and then click File Explorer.
  • Click on the View tab and then click Options.
  • In the Folder Options window click on the View tab.
  • Check Show hidden files and folders and uncheck Hide extensions for known file types.
  • Click OK.

Step six...

Upload Files to VirusTotal
  • Please go to VirusTotal.
  • Click the Choose File button.
  • Navigate to the following file:
    C:\WINDOWS\SysNative\drivers\netmon_wfp.sys
  • Click the Scan it! button.
  • You might see a message saying File already analysed, if you do click Reanalyse.
  • Wait for all the scans to finish then copy and paste the web address from your broswer's address bar.
    Example of web address :
    Image
  • Include the link in your next reply.
Note: if you cannot find the file that is OK. Just let me know in your reply.

Step seven...

I need to see the logs from the fixes that I requested last time.

Post Old Logs
  • Please navigate to the following files:
    C:\AdwCleaner\AdwCleaner[Cx].txt (x is the number of times AdwCleaner was run. Please select the one with the highest number)
    C:\Users\stephen\Downloads\Fixlog.txt
  • Double-click the file to open it.
  • Copy and paste the contents in your reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • Were you able to update Windows Defender?
  • Were you able to reenable the MSConfig items?
  • The VirusTotal link
  • AdwCleaner[Cx].txt
  • Fixlog.txt
  • Are there any changes in computer behavior?
User avatar
capnkrunch
MRU Master
MRU Master
 
Posts: 793
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: finish off malware removal

Unread postby Blazinby » January 20th, 2016, 12:15 am

Hi capnkrunch :D

Updated anti virus

created restore point

re-eneabled start up items as per your instructions but everytime I reboot it goes back to selective startup

programs uninstalled and rebooted

hidden files showing

could not find the folder you specified

here are my logs I will post one here and the other in a new post

regards

# AdwCleaner v5.029 - Logfile created 16/01/2016 at 01:46:46
# Updated 11/01/2016 by Xplode
# Database : 2016-01-15.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : stephen - MAGGIE
# Running from : C:\Users\stephen\Desktop\adwcleaner_5.029.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\myfree codec
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\Users\Public\Documents\Guid
[-] Folder Deleted : C:\Users\stephen\AppData\Roaming\WTools
[-] Folder Deleted : C:\Users\stephen\AppData\Roaming\RPEng
[-] Folder Deleted : C:\Users\stephen\AppData\Roaming\RunDir

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
[-] File Deleted : C:\WINDOWS\SysNative\drivers\netmon_wfp.sys
[-] File Deleted : C:\WINDOWS\SysWOW64\lavasofttcpservice.dll

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKLM\SOFTWARE\NtSvcHandler
[-] Key Deleted : [x64] HKLM\SOFTWARE\WebBar
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CB7EA2A8-C0FB-4CF7-96AF-EA19779A4793}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CB7EA2A8-C0FB-4CF7-96AF-EA19779A4793}

***** [ Web browsers ] *****

[-] [C:\Users\maggi_000\AppData\Roaming\Mozilla\Firefox\Profiles\c4sleunq.default-1443162559677\prefs.js] [Preference] Deleted : user_pref("browser.search.hiddenOneOffs", "Yahoo.co.uk,Bing,Amazon.co.uk,Chambers (UK),DuckDuckGo,eBay.co.uk,Twitter,Wikipedia (en),YourSearchResults");
[-] [C:\Users\cmcga_000\AppData\Roaming\Mozilla\Firefox\Profiles\xdbengq.default\prefs.js] [Preference] Deleted : user_pref("browser.search.hiddenOneOffs", "Yahoo,Bing,Amazon.com,DuckDuckGo,eBay,Twitter,Wikipedia (en),YourSearchResults");
[-] [C:\Users\cmcga_000\AppData\Roaming\Mozilla\Firefox\Profiles\xdbengq.default\prefs.js] [Preference] Deleted : user_pref("extensions.Rh8zKb8NHQqON7Ss.scode", "(function(){try{if(window.location.href.indexOf(\"rjYFrTg6qHkHrTr5rdYGpjaGqTC\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...]
[-] [C:\Users\cmcga_000\AppData\Roaming\Mozilla\Firefox\Profiles\xdbengq.default\prefs.js] [Preference] Deleted : user_pref("extensions.ZRmQXG9lKe7tmzii.scode", "(function(){try{if(window.location.href.indexOf(\"rjYFrTg6qHkHrTr5rdYGpjaGqTC\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...]

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [4238 bytes] ##########
Blazinby
Regular Member
 
Posts: 18
Joined: January 11th, 2016, 7:46 pm

Re: finish off malware removal

Unread postby Blazinby » January 20th, 2016, 12:18 am

Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by stephen (2016-01-16 01:58:24) Run:1
Running from C:\Users\stephen\Downloads
Loaded Profiles: stephen (Available Profiles: stephen & maggi_000 & cmcga_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3874216 2015-12-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2814864 2015-12-18] ()
HKLM-x32\...\Run: [AdVPN] => C:\Program Files (x86)\AdVPN\AdVPN.exe [714752 2015-11-26] (Alto Cloud Media Ltd.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1139112 2015-12-08] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\Policies\Explorer: []
HKU\S-1-5-21-3488279127-63086370-3813774398-1004\...\Policies\Explorer: []
HKU\S-1-5-21-3488279127-63086370-3813774398-1005\...\Policies\Explorer: []
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3488279127-63086370-3813774398-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid= {B5865D80-2A55-4462-A797-214820891782}&mid=ad3dc6166b4547d2a160c18a3d8e079d-c5f949612484ff03e1b1875070de097a99d7176f&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215avz&pr=fr&d=2015-05-02 13:56:25&v=4.2.3.128&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.2.4.155\AVG Web TuneUp.dll [2015-12-18] (AVG)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.4.155\AVG Web TuneUp.dll [2015-12-18] (AVG)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.4\\npsitesafety.dll [No File]
FF SearchPlugin: C:\Users\stephen\AppData\Roaming\Mozilla\Firefox\Profiles\iqn7ummx.default-1449965770414\searchplugins\YourSearchResults.xml [2016-01-11]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-12-18]
FF Extension: Block site - C:\Users\stephen\AppData\Roaming\Mozilla\Firefox\Profiles\iqn7ummx.default-1449965770414\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2016-01-11]
FF Extension: AVG Web TuneUp - C:\Users\stephen\AppData\Roaming\Mozilla\Firefox\Profiles\iqn7ummx.default-1449965770414\Extensions\avg@toolbar.xpi [2015-12-16]
FF HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed]
FF HKU\S-1-5-21-3488279127-63086370-3813774398-1004\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF HKU\S-1-5-21-3488279127-63086370-3813774398-1005\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\95ECF10835EB15F3A3C6F510A9817D6295EC [2015-11-26] <==== ATTENTION
R2 AdVPN Service; C:\Program Files (x86)\AdVPN\AdVpnService.exe [35328 2015-11-26] () [File not signed]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [627544 2015-12-16] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3902984 2015-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1049000 2015-12-08] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [583936 2015-12-16] (AVG Technologies CZ, s.r.o.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4377000 2015-12-11] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [48552 2015-12-11] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\WINDOWS\SysWOW64\uxtuneup.dll [42408 2015-12-11] (AVG Technologies CZ, s.r.o.)
R2 vToolbarUpdater40.2.4; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe [1923984 2015-12-18] (AVG Secure Search)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1164688 2015-12-18] ()
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [258480 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-11] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-11-23] (TuneUp Software)
2016-01-11 13:53 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-01-11 13:52 - 2016-01-11 14:12 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-01-11 13:52 - 2016-01-11 13:55 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-01-11 13:52 - 2016-01-11 13:52 - 00001467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-01-11 13:52 - 2016-01-11 13:52 - 00001455 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-01-11 13:52 - 2016-01-11 13:52 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-01-11 13:52 - 2016-01-11 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-01-11 13:52 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-01-11 13:51 - 2016-01-11 13:51 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\stephen\Downloads\spybot-2.4.exe
2016-01-11 13:25 - 2016-01-11 13:25 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-01-11 13:25 - 2016-01-11 13:25 - 00000000 _____ C:\autoexec.bat
2016-01-11 13:24 - 2016-01-11 13:25 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\stephen\Downloads\SpyHunter-Installer(1).exe
2016-01-06 21:53 - 2016-01-06 21:53 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\stephen\Downloads\SpyHunter-Installer.exe
2016-01-06 01:28 - 2016-01-06 01:40 - 00000000 ____D C:\Users\stephen\AppData\LocalLow\uTorrent
2015-12-15 14:27 - 2015-12-11 15:33 - 00048552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\uxtuneup.dll
2015-12-15 14:27 - 2015-12-11 15:33 - 00042408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\SysWOW64\uxtuneup.dll
CustomCLSID: HKU\S-1-5-21-3488279127-63086370-3813774398-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-3E48168F0BF5}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {05D59D87-96D4-4809-B3E3-97F234952844} - \One System Care Monitor -> No File <==== ATTENTION
Task: {07A4BA73-6E2C-4CC0-9C90-4582C0784378} - \APSnotifierPP2 -> No File <==== ATTENTION
Task: {0D0D7F5F-415F-4BA5-BDDE-E9795793B0CF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0E8CBF72-BACF-456C-B418-0BC1D825D58F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {10B3EDC6-37ED-466C-A117-CDB1E3012531} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2015-12-11] (AVG Technologies CZ, s.r.o.)
Task: {25A68E46-C579-4EC3-8EF5-E063E0307D1B} - \IBUpd -> No File <==== ATTENTION
Task: {35EC7C55-529C-482B-8014-350520EF20DF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {46FAD34F-36A4-4CD0-8BCA-651D7306173F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {49811A13-6A52-49A6-A86C-242A54738A18} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {58892ADB-3640-4938-AFFD-DB5BE0C864EB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5B8D9BE7-190D-4AAA-B0CE-5599D6DD766A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5D6C13FC-A0E0-4F32-A275-A13FD1632A7A} - \One System CarePeriod -> No File <==== ATTENTION
Task: {6C901A03-B728-48FD-8253-09345D462AF3} - \APSnotifierPP1 -> No File <==== ATTENTION
Task: {71FDBB6F-0FAC-4CF6-80D6-91C47D61A6F0} - \APSnotifierPP3 -> No File <==== ATTENTION
Task: {7E05E333-440E-4A41-A615-CDD8579B0F5E} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {8AEDF436-33EE-442E-A1FD-C28DFCCEFF25} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
Task: {8D435A42-F6A4-452D-B01A-E8AB4CA713C0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {9027744C-BC63-42FB-9581-8CE3CDCB06A5} - \One System Care Run Delay -> No File <==== ATTENTION
B75A4-B30B-451B-914F-0F05E7C19F46} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {A82CF6DE-22FC-4106-B744-E1011BE2AD50} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D2794EA9-DE59-4E4C-A896-369704F28B51} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D7D1F4A3-AEC0-46E2-8941-FCCEBE89056D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EB8FBA59-4982-4D21-8793-EDB8B55056E8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {FB5EB42F-2D5B-49C4-B8D7-829794D7B939} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
FirewallRules: [{5ED036ED-F5AB-4048-BDFC-E8B47D75749A}] => (Allow) D:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [{D17527EF-2462-4A78-9F98-2A7798A0EAC5}] => (Allow) D:\Program Files (x86)\FrostWire 6\FrostWire.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
FirewallRules: [{8C209DAE-C769-4D16-A8CA-04247FDF68EE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{563ACA44-5FBF-47FD-A368-945205C57BE6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{06CADD38-A975-479C-801F-433E8AA7ACEF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{62E09C26-A72C-4760-993C-DB48D3A0D308}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
AVG (Version: 16.31.7356 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4492 - AVG Technologies) Hidden
AVG PC TuneUp (x32 Version: 16.13.3 - AVG Technologies) Hidden
AVG Zen (Version: 1.31.9 - AVG Technologies) Hidden
FMW 1 (Version: 1.42.1 - AVG Technologies) Hidden

C:\Program Files (x86)\AVG
C:\Program Files (x86)\AVG Web TuneUp
C:\Program Files (x86)\AdVPN
C:\Program Files\Common Files\AV\Spybot - Search and Destroy
C:\Program Files\AVG Web TuneUp
C:\Program Files\McAfee Security Scan
C:\Program Files (x86)\AVG Web TuneUp
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\ProgramData\McAfee Security Scan
C:\Windows\System32\DRIVERS\avgboota.sys
C:\Windows\System32\DRIVERS\avgdiska.sys
C:\Windows\System32\DRIVERS\avgidsdrivera.sys
C:\Windows\System32\DRIVERS\avgidsha.sys
C:\Windows\System32\DRIVERS\avgldx64.sys
C:\Windows\System32\DRIVERS\avgloga.sys
C:\Windows\System32\DRIVERS\avgmfx64.sys
C:\Windows\System32\DRIVERS\avgrkx64.sys
C:\Windows\system32\DRIVERS\avgwfpa.sys
D:\Program Files (x86)\FrostWire 6

Hosts:
EmptyTemp:
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AVG_UI => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdVPN => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvgUi => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SDTray => value not found.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found.
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall => value removed successfully
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully
HKU\S-1-5-21-3488279127-63086370-3813774398-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value not found.
HKU\S-1-5-21-3488279127-63086370-3813774398-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value not found.
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => key not found.
HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => key not found.
"C:\Users\stephen\AppData\Roaming\Mozilla\Firefox\Profiles\iqn7ummx.default-1449965770414\searchplugins\YourSearchResults.xml" => not found.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml" => not found.
C:\Users\stephen\AppData\Roaming\Mozilla\Firefox\Profiles\iqn7ummx.default-1449965770414\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} => moved successfully
C:\Users\stephen\AppData\Roaming\Mozilla\Firefox\Profiles\iqn7ummx.default-1449965770414\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} => path removed successfully
C:\Users\stephen\AppData\Roaming\Mozilla\Firefox\Profiles\iqn7ummx.default-1449965770414\Extensions\avg@toolbar.xpi => not found.
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => value not found.
C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found.
HKU\S-1-5-21-3488279127-63086370-3813774398-1004\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => value not found.
HKU\S-1-5-21-3488279127-63086370-3813774398-1005\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => value not found.
C:\Program Files (x86)\mozilla firefox\95ECF10835EB15F3A3C6F510A9817D6295EC => moved successfully
AdVPN Service => service not found.
AvgAMPS => service not found.
AVGIDSAgent => service not found.
avgsvc => service not found.
avgwd => service not found.
McComponentHostService => service not found.
TuneUp.UtilitiesSvc => service not found.
UxTuneUp => service not found.
UxTuneUp => service not found.
vToolbarUpdater40.2.4 => service not found.
WtuSystemSupport => service not found.
Avgboota => service not found.
Avgdiska => service not found.
AVGIDSDriver => service not found.
AVGIDSHA => service not found.
Avgldx64 => service not found.
Avgloga => service not found.
Avgmfx64 => service not found.
Avgrkx64 => service not found.
Avgwfpa => service not found.
EsgScanner => service removed successfully
TuneUpUtilitiesDrv => service not found.
C:\Users\Public\Desktop\Post Win10 Spybot-install.exe => moved successfully
C:\ProgramData\Spybot - Search & Destroy => moved successfully
C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk" => not found.
"C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk" => not found.
C:\WINDOWS\System32\Tasks\Safer-Networking => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2" => not found.
"C:\WINDOWS\system32\sdnclean64.exe" => not found.
C:\Users\stephen\Downloads\spybot-2.4.exe => moved successfully
C:\WINDOWS\system32\Drivers\EsgScanner.sys => moved successfully
C:\autoexec.bat => moved successfully
C:\Users\stephen\Downloads\SpyHunter-Installer(1).exe => moved successfully
C:\Users\stephen\Downloads\SpyHunter-Installer.exe => moved successfully
C:\Users\stephen\AppData\LocalLow\uTorrent => moved successfully
"C:\WINDOWS\system32\uxtuneup.dll" => not found.
"C:\WINDOWS\SysWOW64\uxtuneup.dll" => not found.
"HKU\S-1-5-21-3488279127-63086370-3813774398-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-3E48168F0BF5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{05D59D87-96D4-4809-B3E3-97F234952844}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05D59D87-96D4-4809-B3E3-97F234952844}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Monitor => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07A4BA73-6E2C-4CC0-9C90-4582C0784378}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07A4BA73-6E2C-4CC0-9C90-4582C0784378}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D0D7F5F-415F-4BA5-BDDE-E9795793B0CF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D0D7F5F-415F-4BA5-BDDE-E9795793B0CF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E8CBF72-BACF-456C-B418-0BC1D825D58F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E8CBF72-BACF-456C-B418-0BC1D825D58F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10B3EDC6-37ED-466C-A117-CDB1E3012531}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10B3EDC6-37ED-466C-A117-CDB1E3012531}" => key removed successfully
C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVGPCTuneUp_Task_BkGndMaintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25A68E46-C579-4EC3-8EF5-E063E0307D1B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25A68E46-C579-4EC3-8EF5-E063E0307D1B}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35EC7C55-529C-482B-8014-350520EF20DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35EC7C55-529C-482B-8014-350520EF20DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46FAD34F-36A4-4CD0-8BCA-651D7306173F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46FAD34F-36A4-4CD0-8BCA-651D7306173F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49811A13-6A52-49A6-A86C-242A54738A18}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49811A13-6A52-49A6-A86C-242A54738A18}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58892ADB-3640-4938-AFFD-DB5BE0C864EB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58892ADB-3640-4938-AFFD-DB5BE0C864EB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5B8D9BE7-190D-4AAA-B0CE-5599D6DD766A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B8D9BE7-190D-4AAA-B0CE-5599D6DD766A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D6C13FC-A0E0-4F32-A275-A13FD1632A7A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D6C13FC-A0E0-4F32-A275-A13FD1632A7A}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System CarePeriod => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C901A03-B728-48FD-8253-09345D462AF3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C901A03-B728-48FD-8253-09345D462AF3}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71FDBB6F-0FAC-4CF6-80D6-91C47D61A6F0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71FDBB6F-0FAC-4CF6-80D6-91C47D61A6F0}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E05E333-440E-4A41-A615-CDD8579B0F5E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E05E333-440E-4A41-A615-CDD8579B0F5E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8AEDF436-33EE-442E-A1FD-C28DFCCEFF25}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AEDF436-33EE-442E-A1FD-C28DFCCEFF25}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Core => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D435A42-F6A4-452D-B01A-E8AB4CA713C0} => key not found.
C:\WINDOWS\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9027744C-BC63-42FB-9581-8CE3CDCB06A5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9027744C-BC63-42FB-9581-8CE3CDCB06A5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Run Delay => key not found.
B75A4-B30B-451B-914F-0F05E7C19F46} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A82CF6DE-22FC-4106-B744-E1011BE2AD50}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A82CF6DE-22FC-4106-B744-E1011BE2AD50}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D2794EA9-DE59-4E4C-A896-369704F28B51}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2794EA9-DE59-4E4C-A896-369704F28B51}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7D1F4A3-AEC0-46E2-8941-FCCEBE89056D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7D1F4A3-AEC0-46E2-8941-FCCEBE89056D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB8FBA59-4982-4D21-8793-EDB8B55056E8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB8FBA59-4982-4D21-8793-EDB8B55056E8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB5EB42F-2D5B-49C4-B8D7-829794D7B939} => key not found.
C:\WINDOWS\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates => key not found.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5ED036ED-F5AB-4048-BDFC-E8B47D75749A} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D17527EF-2462-4A78-9F98-2A7798A0EAC5} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8C209DAE-C769-4D16-A8CA-04247FDF68EE} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{563ACA44-5FBF-47FD-A368-945205C57BE6} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{06CADD38-A975-479C-801F-433E8AA7ACEF} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{62E09C26-A72C-4760-993C-DB48D3A0D308} => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => value not found.
C:\Program Files (x86)\AVG => moved successfully
"C:\Program Files (x86)\AVG Web TuneUp" => not found.
"C:\Program Files (x86)\AdVPN" => not found.
C:\Program Files\Common Files\AV\Spybot - Search and Destroy => moved successfully
"C:\Program Files\AVG Web TuneUp" => not found.
"C:\Program Files\McAfee Security Scan" => not found.
"C:\Program Files (x86)\AVG Web TuneUp" => not found.
"C:\Program Files (x86)\Common Files\AVG Secure Search" => not found.
"C:\ProgramData\McAfee Security Scan" => not found.
"C:\Windows\System32\DRIVERS\avgboota.sys" => not found.
"C:\Windows\System32\DRIVERS\avgdiska.sys" => not found.
"C:\Windows\System32\DRIVERS\avgidsdrivera.sys" => not found.
"C:\Windows\System32\DRIVERS\avgidsha.sys" => not found.
"C:\Windows\System32\DRIVERS\avgldx64.sys" => not found.
"C:\Windows\System32\DRIVERS\avgloga.sys" => not found.
"C:\Windows\System32\DRIVERS\avgmfx64.sys" => not found.
"C:\Windows\System32\DRIVERS\avgrkx64.sys" => not found.
"C:\Windows\system32\DRIVERS\avgwfpa.sys" => not found.
D:\Program Files (x86)\FrostWire 6 => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 155.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 01:58:36 ====
Blazinby
Regular Member
 
Posts: 18
Joined: January 11th, 2016, 7:46 pm

Re: finish off malware removal

Unread postby capnkrunch » January 20th, 2016, 11:16 am

Hello Blazinby :)

Good job with those steps. Let's continue...

Blazinby wrote:re-eneabled start up items as per your instructions but everytime I reboot it goes back to selective startup

What method did you use to disable the startup items? Was it done through MSConfig or possibly CCleaner or a different program?

Step one...

FRST Fix
  • Please delete any copies of FRST64.exe currently on your computer. Download a new copy from HERE and save it to your Desktop.
  • Press the Windows Key + R.
  • Type notepad.exe into the text box and click OK.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    CreateRestorePoint:
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-01-16]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
    S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.11.266\McCHSvc.exe [235696 2015-12-02] (McAfee, Inc.)
    2016-01-16 11:03 - 2016-01-16 11:03 - 00002233 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2016-01-16 11:03 - 2016-01-16 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2016-01-16 11:03 - 2016-01-16 11:03 - 00000000 ____D C:\ProgramData\McAfee Security Scan
    2016-01-16 11:03 - 2016-01-16 11:03 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
    2016-01-14 22:49 - 2015-12-08 02:41 - 00000000 ____D C:\Users\stephen\AppData\Local\AvgSetupLog
    2016-01-14 22:49 - 2014-09-24 17:42 - 00000000 ____D C:\ProgramData\AVG
    2016-01-14 22:48 - 2014-09-24 17:46 - 00000000 ____D C:\Users\stephen\AppData\Local\Avg
    2016-01-07 00:03 - 2014-10-06 09:00 - 00000000 ____D C:\Users\cmcga_000\AppData\Local\Avg
    2016-01-07 00:03 - 2014-09-25 06:56 - 00000000 ____D C:\Users\maggi_000\AppData\Local\Avg
    Task: {944B75A4-B30B-451B-914F-0F05E7C19F46} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
    
    EmptyTemp:
    CMD: ipconfig /flushdns
  • Save it next to FRST.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST.exe to work.
  • Right click on FRST.exe and select Run as administrator.
  • Press the Fix button one time only and wait.
  • When FRST finishes you will be prompted to reboot your computer. Click OK.
  • Your computer should now restart. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Step two...

I see you have Malwarebytes Anti-Malware installed. I would like you to run a scan with it.

Malwarebytes Anti-Malware (MBAM) Scan
Note: you need to be connected to the internet so that MBAM can download any updates it needs to.
  • Please close all open programs and windows so that you are at your Desktop.
  • Press the Windows Key + R.
  • Type mbam.exe into the text box and click OK.
  • Allow MBAM to update if it asks you to.
  • Click Scan Now. MBAM will update its databases and proceed to scan your computer.
  • If prompted to allow a reboot please do so.
    Failing to reboot when asked can prevent MBAM from removing all the malware it finds.
  • Once the scan is finished click Save Results >> in the bottom right corner and select Copy to Clipboard. Paste the results in your next reply.
    The log file can also be found at C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs. Look for the one with the current date and time.

Step three...

FRST Registry Search
  • You should still have FRST64.exe on your Desktop. If not please download it HERE.
  • Copy and Paste the following script into the Search box.
    • Do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    chrome
  • Press the Search Registry button and wait while the search finishes. It may take 10 minutes or more.
  • Once finished, a file will open: Search.txt. Please copy and paste the contents of both logs in your reply.
    The log can also be found in the same directory where FRST was run from.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • Answers to my questions about startup items
  • Fixlog.txt
  • The MBAM log
  • Search.txt
  • Are there any changes in computer behavior?
User avatar
capnkrunch
MRU Master
MRU Master
 
Posts: 793
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: finish off malware removal

Unread postby Blazinby » January 21st, 2016, 6:40 pm

Hi capnkrunch :) ,

I have disabled things in the past mostly with msconfig but some items were also disabled using AVG PC tuneup

here are my logs and I will post them seperately

Fix result of Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by stephen (2016-01-21 22:22:38) Run:2
Running from C:\Users\stephen\Desktop
Loaded Profiles: stephen (Available Profiles: stephen & maggi_000 & cmcga_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-01-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.11.266\McCHSvc.exe [235696 2015-12-02] (McAfee, Inc.)
2016-01-16 11:03 - 2016-01-16 11:03 - 00002233 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-01-16 11:03 - 2016-01-16 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-01-16 11:03 - 2016-01-16 11:03 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-01-16 11:03 - 2016-01-16 11:03 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2016-01-14 22:49 - 2015-12-08 02:41 - 00000000 ____D C:\Users\stephen\AppData\Local\AvgSetupLog
2016-01-14 22:49 - 2014-09-24 17:42 - 00000000 ____D C:\ProgramData\AVG
2016-01-14 22:48 - 2014-09-24 17:46 - 00000000 ____D C:\Users\stephen\AppData\Local\Avg
2016-01-07 00:03 - 2014-10-06 09:00 - 00000000 ____D C:\Users\cmcga_000\AppData\Local\Avg
2016-01-07 00:03 - 2014-09-25 06:56 - 00000000 ____D C:\Users\maggi_000\AppData\Local\Avg
Task: {944B75A4-B30B-451B-914F-0F05E7C19F46} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION

EmptyTemp:
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => not found.
C:\Program Files (x86)\McAfee Security Scan\3.11.266\SSScheduler.exe => not found.
McComponentHostService => service not found.
"C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus" => not found.
"C:\ProgramData\McAfee Security Scan" => not found.
"C:\Program Files (x86)\McAfee Security Scan" => not found.
C:\Users\stephen\AppData\Local\AvgSetupLog => moved successfully
C:\ProgramData\AVG => moved successfully
C:\Users\stephen\AppData\Local\Avg => moved successfully
C:\Users\cmcga_000\AppData\Local\Avg => moved successfully
C:\Users\maggi_000\AppData\Local\Avg => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{944B75A4-B30B-451B-914F-0F05E7C19F46}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{944B75A4-B30B-451B-914F-0F05E7C19F46}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Pending Update => key not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 2.1 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 22:22:47 ====
Blazinby
Regular Member
 
Posts: 18
Joined: January 11th, 2016, 7:46 pm

Re: finish off malware removal

Unread postby Blazinby » January 21st, 2016, 6:42 pm

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 21/01/2016
Scan Time: 22:26
Logfile: mbam.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.21.05
Rootkit Database: v2016.01.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: stephen

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 480367
Time Elapsed: 4 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.YourSearchResults.ShrtCln, C:\Users\cmcga_000\AppData\Roaming\Mozilla\Firefox\Profiles\xdbengq.default\searchplugins\YourSearchResults.xml, , [dc6d81bb079294a2f7c34cdd7292f30d],
PUP.Optional.YourSearchResults.ShrtCln, C:\Users\maggi_000\AppData\Roaming\Mozilla\Firefox\Profiles\c4sleunq.default-1443162559677\searchplugins\YourSearchResults.xml, , [da6fb9834653b77f57634bde3aca7888],

Physical Sectors: 0
(No malicious items detected)


(end)
Blazinby
Regular Member
 
Posts: 18
Joined: January 11th, 2016, 7:46 pm

Re: finish off malware removal

Unread postby Blazinby » January 21st, 2016, 6:43 pm

Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by stephen (2016-01-21 22:35:25)
Running from C:\Users\stephen\Desktop
Boot Mode: Normal

================== Search Registry: "chrome" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{418DFBFA-4DE8-41C0-A272-727307252DBD}]
""="Enterprise Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8a04f01-4570-45cc-bffa-37c79cf7208c}]
""="Chrome Controls"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Components\0634B38E802C52345940D03200A3475A]
"AppSharingChromeHook.x64.dll"="Vz`gY,3K,?HcCDN2wW9tLync32With64Bits>PeTyMX]`S?Wyr3x}&a`E"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Components\613B99D5CFD7FCB4793B500086BB4113]
"{E83B4360-C208-4325-9504-0D23003A74A5},AppSharingChromeHook.x64.dll"="yh1BVR!!!!4!!!!MKKSkGimme_OnDemandData<Lync32With64Bits"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4EA5C164-584A-4BA9-B420-86AA52D1C92F}]
""="IEnterpriseChromeManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B41C09AA-0E12-4DA0-829E-0BA17FCA01BA}]
""="IEnterpriseChromeServiceProvider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{418DFBFA-4DE8-41C0-A272-727307252DBD}]
""="Enterprise Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{d8a04f01-4570-45cc-bffa-37c79cf7208c}]
""="Chrome Controls"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4EA5C164-584A-4BA9-B420-86AA52D1C92F}]
""="IEnterpriseChromeManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B41C09AA-0E12-4DA0-829E-0BA17FCA01BA}]
""="IEnterpriseChromeServiceProvider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Classes\Installer\Components\613B99D5CFD7FCB4793B500086BB4113]
"{E83B4360-C208-4325-9504-0D23003A74A5},AppSharingChromeHook.x86.dll"="yh1BV3!!!!!!!!!MKKSkGimme_OnDemandData<LyncCoreFiles"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0021D47C0690A5A498E5503E1B0AB076]
"7D2F3875100F0000102000060BECB6AB"="D:\Program Files\Autodesk\AutoCAD 2016\Drv\monochrome12.hdi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0021D47C0690A5A498E5503E1B0AB076\7D2F3875100F0000102000060BECB6AB]
"File"="_Monochrome.hdi._26B33BEE7634.0F464096_C58D_46AD_8FE5_898F18283042"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0ACEB7214602EB239857DAB3B2E62A60]
"7D2F3875100F0000102000060BECB6AB"="D:\Program Files\Autodesk\AutoCAD 2016\Inventor Server\Textures\Chrome.dds"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0ACEB7214602EB239857DAB3B2E62A60\7D2F3875100F0000102000060BECB6AB]
"File"="_Chrome.dds_127BECA0_2064_32BE_8975_AD3B2B6EA206.029C8BC0_A124_37AE_8431_C1B71CD7BE80"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\133DE6FB10EBBF4448383F5A6042290A]
"7D2F3875100F9040122000060BECB6AB"="D:\Program Files\Autodesk\AutoCAD 2016\UserDataCache\Plotters\Plot Styles\monochrome.stb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261C22C151F678848B6DAFC372506715]
"7D2F3875100F9040122000060BECB6AB"="D:\Program Files\Autodesk\AutoCAD 2016\UserDataCache\Plotters\Plot Styles\monochrome.ctb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5431B9A6468121141981F6DD9122D4D7]
"7D2F3875100D0000102000060BECB6AB"="D:\Program Files\Autodesk\AutoCAD 2014\Inventor Server\Bin\Effects\Shaders\Direct3D9\FilterMonochrome.fx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\56C169AF4602B4A3A9D2E22FB7D417F4]
"7D2F3875100F0000102000060BECB6AB"="D:\Program Files\Autodesk\AutoCAD 2016\Inventor Server\Bin\Effects\Shaders\Direct3D10\FilterMonochrome10.fx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\56C169AF4602B4A3A9D2E22FB7D417F4\7D2F3875100F0000102000060BECB6AB]
"File"="_FilterMonochrome10.fx_FA961C65_2064_3A4B_9A2D_2EF27B4D714F.029C8BC0_A124_37AE_8431_C1B71CD7BE80"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\585C116796FF8294289A166F2CA944C5]
"99E80CA9B0328e74791254777B1F42AE"="C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\AppSharingChromeHook64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\85FAEB6846811394BA1DD00449D7CEB7]
"7D2F3875100D0000102000060BECB6AB"="D:\Program Files\Autodesk\AutoCAD 2014\Inventor Server\Bin\Effects\Shaders\Direct3D10\FilterMonochrome10.fx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8F845DF4D8546D11CA4A000B0D97DC5F]
"7D2F3875100D0000102000060BECB6AB"="D:\Program Files\Autodesk\AutoCAD 2014\UserDataCache\Plotters\Plot Styles\monochrome.ctb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8F845DF4D8546D11CA4A000B0D97DC5F\7D2F3875100D0000102000060BECB6AB]
"File"="RDF_COMP_monochrome.ctb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A0945DF4D8546D11CA4A000B0D97DC5F]
"7D2F3875100D0000102000060BECB6AB"="D:\Program Files\Autodesk\AutoCAD 2014\UserDataCache\Plotters\Plot Styles\monochrome.stb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A0945DF4D8546D11CA4A000B0D97DC5F\7D2F3875100D0000102000060BECB6AB]
"File"="RDF_COMP_monochrome.stb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A209A01C0E64CA44F9928F7B89FA3CAE]
"D0C652567EF3E2D4BBE3351F7145188C"="C:\Program Files (x86)\Sony\Media Go\chrome.pak"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4271B1F46029F93285D30831C3E23A5]
"7D2F3875100F0000102000060BECB6AB"="D:\Program Files\Autodesk\AutoCAD 2016\Inventor Server\Bin\Effects\Shaders\Direct3D9\FilterMonochrome.fx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4271B1F46029F93285D30831C3E23A5\7D2F3875100F0000102000060BECB6AB]
"File"="_FilterMonochrome.fx_F1B1724A_2064_39F9_82D5_0338C1E3325A.029C8BC0_A124_37AE_8431_C1B71CD7BE80"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A8CBBF32012F688408AA1329796889A0]
"E6CFC4B60BCEEF74593D566C08DE6078"="C:\?Program Files (x86)\Common Files\Autodesk Shared\Materials\Textures\1\Mats\Doors - Windows.Door Hardware.Chrome.Satin.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAE25D62468100941A6BB710D3905482]
"7D2F3875100D0000102000060BECB6AB"="D:\Program Files\Autodesk\AutoCAD 2014\Inventor Server\Textures\Chrome.dds"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAE25D62468100941A6BB710D3905482\7D2F3875100D0000102000060BECB6AB]
"File"="Chrome.dds.DE6FF520_1864_4537_B911_8FF8D97370EB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BDA5E9F5B7FB9924B8A45744DC05FDCE]
"4A88405304513014F8102B573098E10B"="D:\Program Files\SketchUp\SketchUp 2015\Styles\Assorted Styles\Monochrome Screen.style"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DADDA94C323253140BD3503E1B0AB076]
"7D2F3875100D0000102000060BECB6AB"="D:\Program Files\Autodesk\AutoCAD 2014\Drv\monochrome11.hdi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DADDA94C323253140BD3503E1B0AB076\7D2F3875100D0000102000060BECB6AB]
"File"="RDF_COMP_monochrome11.hdi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7A426F32512C5440BC3A12282C476CC]
"E6CFC4B60BCEEF74593D566C08DE6078"="C:\?Program Files (x86)\Common Files\Autodesk Shared\Materials\Textures\1\Mats\Metals.Ornamental Metals.Chrome.Satin.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\No Chrome Offer Until]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"ap"="-dev-multi-chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ap"="2.0-dev-multi-chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\Textures\1\Mats\Doors - Windows.Door Hardware.Chrome.Satin.jpg"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\Textures\1\Mats\Metals.Ornamental Metals.Chrome.Satin.jpg"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NVIDIA Corporation\Global\Stereo3D\GameConfigs\Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{418DFBFA-4DE8-41C0-A272-727307252DBD}]
""="Enterprise Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{d8a04f01-4570-45cc-bffa-37c79cf7208c}]
""="Chrome Controls"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{4EA5C164-584A-4BA9-B420-86AA52D1C92F}]
""="IEnterpriseChromeManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{B41C09AA-0E12-4DA0-829E-0BA17FCA01BA}]
""="IEnterpriseChromeServiceProvider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{418DFBFA-4DE8-41C0-A272-727307252DBD}]
""="Enterprise Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8a04f01-4570-45cc-bffa-37c79cf7208c}]
""="Chrome Controls"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Components\0634B38E802C52345940D03200A3475A]
"AppSharingChromeHook.x64.dll"="Vz`gY,3K,?HcCDN2wW9tLync32With64Bits>PeTyMX]`S?Wyr3x}&a`E"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Components\613B99D5CFD7FCB4793B500086BB4113]
"{E83B4360-C208-4325-9504-0D23003A74A5},AppSharingChromeHook.x64.dll"="yh1BVR!!!!4!!!!MKKSkGimme_OnDemandData<Lync32With64Bits"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4EA5C164-584A-4BA9-B420-86AA52D1C92F}]
""="IEnterpriseChromeManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B41C09AA-0E12-4DA0-829E-0BA17FCA01BA}]
""="IEnterpriseChromeServiceProvider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{418DFBFA-4DE8-41C0-A272-727307252DBD}]
""="Enterprise Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{d8a04f01-4570-45cc-bffa-37c79cf7208c}]
""="Chrome Controls"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4EA5C164-584A-4BA9-B420-86AA52D1C92F}]
""="IEnterpriseChromeManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B41C09AA-0E12-4DA0-829E-0BA17FCA01BA}]
""="IEnterpriseChromeServiceProvider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Classes\Installer\Components\613B99D5CFD7FCB4793B500086BB4113]
"{E83B4360-C208-4325-9504-0D23003A74A5},AppSharingChromeHook.x86.dll"="yh1BV3!!!!!!!!!MKKSkGimme_OnDemandData<LyncCoreFiles"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0021D47C0690A5A498E5503E1B0AB076]
"7D2F3875100F0000102000060BECB6AB"="D:\Program Files\Autodesk\AutoCAD 2016\Drv\monochrome12.hdi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0021D47C0690A5A498E5503E1B0AB076\7D2F3875100F0000102000060BECB6AB]
"File"="_Monochrome.hdi._26B33BEE7634.0F464096_C58D_46AD_8FE5_898F18283042"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0ACEB7214602EB239857DAB3B2E62A60]
"7D2F3875100F0000102000060BECB6AB"="D:\Program Files\Autodesk\AutoCAD 2016\Inventor Server\Textures\Chrome.dds"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0ACEB7214602EB239857DAB3B2E62A60\7D2F3875100F0000102000060BECB6AB]
"File"="_Chrome.dds_127BECA0_2064_32BE_8975_AD3B2B6EA206.029C8BC0_A124_37AE_8431_C1B71CD7BE80"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\133DE6FB10EBBF4448383F5A6042290A]
"7D2F3875100F9040122000060BECB6AB"="D:\Program Files\Autodesk\AutoCAD 2016\UserDataCache\Plotters\Plot Styles\monochrome.stb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261C22C151F678848B6DAFC372506715]
"7D2F3875100F9040122000060BECB6AB"="D:\Program Files\Autodesk\AutoCAD 2016\UserDataCache\Plotters\Plot Styles\monochrome.ctb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5431B9A6468121141981F6DD9122D4D7]
"7D2F3875100D0000102000060BECB6AB"="D:\Program Files\Autodesk\AutoCAD 2014\Inventor Server\Bin\Effects\Shaders\Direct3D9\FilterMonochrome.fx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\56C169AF4602B4A3A9D2E22FB7D417F4]
"7D2F3875100F0000102000060BECB6AB"="D:\Program Files\Autodesk\AutoCAD 2016\Inventor Server\Bin\Effects\Shaders\Direct3D10\FilterMonochrome10.fx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\56C169AF4602B4A3A9D2E22FB7D417F4\7D2F3875100F0000102000060BECB6AB]
"File"="_FilterMonochrome10.fx_FA961C65_2064_3A4B_9A2D_2EF27B4D714F.029C8BC0_A124_37AE_8431_C1B71CD7BE80"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\585C116796FF8294289A166F2CA944C5]
"99E80CA9B0328e74791254777B1F42AE"="C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\AppSharingChromeHook64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\85FAEB6846811394BA1DD00449D7CEB7]
"7D2F3875100D0000102000060BECB6AB"="D:\Program Files\Autodesk\AutoCAD 2014\Inventor Server\Bin\Effects\Shaders\Direct3D10\FilterMonochrome10.fx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8F845DF4D8546D11CA4A000B0D97DC5F]
"7D2F3875100D0000102000060BECB6AB"="D:\Program Files\Autodesk\AutoCAD 2014\UserDataCache\Plotters\Plot Styles\monochrome.ctb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8F845DF4D8546D11CA4A000B0D97DC5F\7D2F3875100D0000102000060BECB6AB]
"File"="RDF_COMP_monochrome.ctb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A0945DF4D8546D11CA4A000B0D97DC5F]
"7D2F3875100D0000102000060BECB6AB"="D:\Program Files\Autodesk\AutoCAD 2014\UserDataCache\Plotters\Plot Styles\monochrome.stb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A0945DF4D8546D11CA4A000B0D97DC5F\7D2F3875100D0000102000060BECB6AB]
"File"="RDF_COMP_monochrome.stb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A209A01C0E64CA44F9928F7B89FA3CAE]
"D0C652567EF3E2D4BBE3351F7145188C"="C:\Program Files (x86)\Sony\Media Go\chrome.pak"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4271B1F46029F93285D30831C3E23A5]
"7D2F3875100F0000102000060BECB6AB"="D:\Program Files\Autodesk\AutoCAD 2016\Inventor Server\Bin\Effects\Shaders\Direct3D9\FilterMonochrome.fx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4271B1F46029F93285D30831C3E23A5\7D2F3875100F0000102000060BECB6AB]
"File"="_FilterMonochrome.fx_F1B1724A_2064_39F9_82D5_0338C1E3325A.029C8BC0_A124_37AE_8431_C1B71CD7BE80"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A8CBBF32012F688408AA1329796889A0]
"E6CFC4B60BCEEF74593D566C08DE6078"="C:\?Program Files (x86)\Common Files\Autodesk Shared\Materials\Textures\1\Mats\Doors - Windows.Door Hardware.Chrome.Satin.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAE25D62468100941A6BB710D3905482]
"7D2F3875100D0000102000060BECB6AB"="D:\Program Files\Autodesk\AutoCAD 2014\Inventor Server\Textures\Chrome.dds"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAE25D62468100941A6BB710D3905482\7D2F3875100D0000102000060BECB6AB]
"File"="Chrome.dds.DE6FF520_1864_4537_B911_8FF8D97370EB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BDA5E9F5B7FB9924B8A45744DC05FDCE]
"4A88405304513014F8102B573098E10B"="D:\Program Files\SketchUp\SketchUp 2015\Styles\Assorted Styles\Monochrome Screen.style"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DADDA94C323253140BD3503E1B0AB076]
"7D2F3875100D0000102000060BECB6AB"="D:\Program Files\Autodesk\AutoCAD 2014\Drv\monochrome11.hdi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DADDA94C323253140BD3503E1B0AB076\7D2F3875100D0000102000060BECB6AB]
"File"="RDF_COMP_monochrome11.hdi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7A426F32512C5440BC3A12282C476CC]
"E6CFC4B60BCEEF74593D566C08DE6078"="C:\?Program Files (x86)\Common Files\Autodesk Shared\Materials\Textures\1\Mats\Metals.Ornamental Metals.Chrome.Satin.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\No Chrome Offer Until]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"ap"="-dev-multi-chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ap"="2.0-dev-multi-chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\Textures\1\Mats\Doors - Windows.Door Hardware.Chrome.Satin.jpg"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\Textures\1\Mats\Metals.Ornamental Metals.Chrome.Satin.jpg"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NVIDIA Corporation\Global\Stereo3D\GameConfigs\Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{418DFBFA-4DE8-41C0-A272-727307252DBD}]
""="Enterprise Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{d8a04f01-4570-45cc-bffa-37c79cf7208c}]
""="Chrome Controls"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{4EA5C164-584A-4BA9-B420-86AA52D1C92F}]
""="IEnterpriseChromeManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{B41C09AA-0E12-4DA0-829E-0BA17FCA01BA}]
""="IEnterpriseChromeServiceProvider"
[HKEY_USERS\.DEFAULT\Software\Autodesk\Inventor Server SDK ACAD 2013\RegistryVersion17.0\System\Preferences\ColorSchemes\Schemes\07]
"EnvironmentCubeTexturePath"="Chrome.dds"
[HKEY_USERS\.DEFAULT\Software\Autodesk\Inventor Server SDK ACAD 2013\RegistryVersion17.0\System\Preferences\ColorSchemes\Schemes\11]
"EnvironmentCubeTexturePath"="Chrome.dds"
[HKEY_USERS\.DEFAULT\Software\Autodesk\Inventor Server SDK ACAD 2015\RegistryVersion19.0\System\Preferences\ColorSchemes\Schemes\07]
"EnvironmentCubeTexturePath"="Chrome.dds"
[HKEY_USERS\.DEFAULT\Software\Autodesk\Inventor Server SDK ACAD 2015\RegistryVersion19.0\System\Preferences\ColorSchemes\Schemes\11]
"EnvironmentCubeTexturePath"="Chrome.dds"
[HKEY_USERS\.DEFAULT\Software\Autodesk\Inventor Server SDK ACAD 2016\RegistryVersion20.0\System\Preferences\ColorSchemes\Schemes\07]
"EnvironmentCubeTexturePath"="Chrome.dds"
[HKEY_USERS\.DEFAULT\Software\Autodesk\Inventor Server SDK ACAD 2016\RegistryVersion20.0\System\Preferences\ColorSchemes\Schemes\11]
"EnvironmentCubeTexturePath"="Chrome.dds"
[HKEY_USERS\.DEFAULT\Software\Autodesk\InvSvr_x64_NAVMAN_13\RegistryVersion20.0\System\Preferences\ColorSchemes\Schemes\07]
"EnvironmentCubeTexturePath"="Chrome.dds"
[HKEY_USERS\.DEFAULT\Software\Autodesk\InvSvr_x64_NAVMAN_13\RegistryVersion20.0\System\Preferences\ColorSchemes\Schemes\11]
"EnvironmentCubeTexturePath"="Chrome.dds"
[HKEY_USERS\.DEFAULT\Software\Google\Chrome]
[HKEY_USERS\S-1-5-21-3488279127-63086370-3813774398-1001\SOFTWARE\Autodesk\Inventor Server SDK ACAD 2013\RegistryVersion17.0\System\Preferences\ColorSchemes\Schemes\07]
"EnvironmentCubeTexturePath"="Chrome.dds"
[HKEY_USERS\S-1-5-21-3488279127-63086370-3813774398-1001\SOFTWARE\Autodesk\Inventor Server SDK ACAD 2013\RegistryVersion17.0\System\Preferences\ColorSchemes\Schemes\11]
"EnvironmentCubeTexturePath"="Chrome.dds"
[HKEY_USERS\S-1-5-21-3488279127-63086370-3813774398-1001\SOFTWARE\Autodesk\Inventor Server SDK ACAD 2014\RegistryVersion18.0\System\Preferences\ColorSchemes\Schemes\07]
"EnvironmentCubeTexturePath"="Chrome.dds"
[HKEY_USERS\S-1-5-21-3488279127-63086370-3813774398-1001\SOFTWARE\Autodesk\Inventor Server SDK ACAD 2014\RegistryVersion18.0\System\Preferences\ColorSchemes\Schemes\11]
"EnvironmentCubeTexturePath"="Chrome.dds"
[HKEY_USERS\S-1-5-21-3488279127-63086370-3813774398-1001\SOFTWARE\Autodesk\Inventor Server SDK ACAD 2015\RegistryVersion19.0\System\Preferences\ColorSchemes\Schemes\07]
"EnvironmentCubeTexturePath"="Chrome.dds"
[HKEY_USERS\S-1-5-21-3488279127-63086370-3813774398-1001\SOFTWARE\Autodesk\Inventor Server SDK ACAD 2015\RegistryVersion19.0\System\Preferences\ColorSchemes\Schemes\11]
"EnvironmentCubeTexturePath"="Chrome.dds"
[HKEY_USERS\S-1-5-21-3488279127-63086370-3813774398-1001\SOFTWARE\Autodesk\Inventor Server SDK ACAD 2016\RegistryVersion20.0\System\Preferences\ColorSchemes\Schemes\07]
"EnvironmentCubeTexturePath"="Chrome.dds"
[HKEY_USERS\S-1-5-21-3488279127-63086370-3813774398-1001\SOFTWARE\Autodesk\Inventor Server SDK ACAD 2016\RegistryVersion20.0\System\Preferences\ColorSchemes\Schemes\11]
"EnvironmentCubeTexturePath"="Chrome.dds"
[HKEY_USERS\S-1-5-21-3488279127-63086370-3813774398-1001\SOFTWARE\Autodesk\InvSvr_x64_NAVMAN_13\RegistryVersion20.0\System\Preferences\ColorSchemes\Schemes\07]
"EnvironmentCubeTexturePath"="Chrome.dds"
[HKEY_USERS\S-1-5-21-3488279127-63086370-3813774398-1001\SOFTWARE\Autodesk\InvSvr_x64_NAVMAN_13\RegistryVersion20.0\System\Preferences\ColorSchemes\Schemes\11]
"EnvironmentCubeTexturePath"="Chrome.dds"
[HKEY_USERS\S-1-5-21-3488279127-63086370-3813774398-1001\SOFTWARE\Google\Chrome]
[HKEY_USERS\S-1-5-21-3488279127-63086370-3813774398-1001\SOFTWARE\Microsoft\Internet Explorer\IEDevTools\Options\UAString]
"Chrome"="Mozilla/5.0 (Windows NT 6.2) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5"
[HKEY_USERS\S-1-5-21-3488279127-63086370-3813774398-1001\SOFTWARE\Microsoft\Internet Explorer\IEDevTools\Options\UAString]
"Chrome"="Mozilla/5.0 (Windows NT 6.2) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5"
[HKEY_USERS\S-1-5-21-3488279127-63086370-3813774398-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration]
[HKEY_USERS\S-1-5-21-3488279127-63086370-3813774398-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration]
[HKEY_USERS\S-1-5-18\Software\Autodesk\Inventor Server SDK ACAD 2013\RegistryVersion17.0\System\Preferences\ColorSchemes\Schemes\07]
"EnvironmentCubeTexturePath"="Chrome.dds"
[HKEY_USERS\S-1-5-18\Software\Autodesk\Inventor Server SDK ACAD 2013\RegistryVersion17.0\System\Preferences\ColorSchemes\Schemes\11]
"EnvironmentCubeTexturePath"="Chrome.dds"
[HKEY_USERS\S-1-5-18\Software\Autodesk\Inventor Server SDK ACAD 2015\RegistryVersion19.0\System\Preferences\ColorSchemes\Schemes\07]
"EnvironmentCubeTexturePath"="Chrome.dds"
[HKEY_USERS\S-1-5-18\Software\Autodesk\Inventor Server SDK ACAD 2015\RegistryVersion19.0\System\Preferences\ColorSchemes\Schemes\11]
"EnvironmentCubeTexturePath"="Chrome.dds"
[HKEY_USERS\S-1-5-18\Software\Autodesk\Inventor Server SDK ACAD 2016\RegistryVersion20.0\System\Preferences\ColorSchemes\Schemes\07]
"EnvironmentCubeTexturePath"="Chrome.dds"
[HKEY_USERS\S-1-5-18\Software\Autodesk\Inventor Server SDK ACAD 2016\RegistryVersion20.0\System\Preferences\ColorSchemes\Schemes\11]
"EnvironmentCubeTexturePath"="Chrome.dds"
[HKEY_USERS\S-1-5-18\Software\Autodesk\InvSvr_x64_NAVMAN_13\RegistryVersion20.0\System\Preferences\ColorSchemes\Schemes\07]
"EnvironmentCubeTexturePath"="Chrome.dds"
[HKEY_USERS\S-1-5-18\Software\Autodesk\InvSvr_x64_NAVMAN_13\RegistryVersion20.0\System\Preferences\ColorSchemes\Schemes\11]
"EnvironmentCubeTexturePath"="Chrome.dds"
[HKEY_USERS\S-1-5-18\Software\Google\Chrome]

====== End of Search ======
Blazinby
Regular Member
 
Posts: 18
Joined: January 11th, 2016, 7:46 pm

Re: finish off malware removal

Unread postby capnkrunch » January 22nd, 2016, 8:28 am

Hello Blazinby :)

Please follow the instructions HERE to boot into Safe Mode and try changing changing MSConfig to Normal Startup again.

Note: These are slightly different than the previous MSConfig instructions. You will not have access to the internet in Safe Mode so I'd recommend printing these instructions or bring them up on another device.

Step one...

Reenable Items With MSConfig
  • Press the Windows Key + R.
  • Type msconfig.exe into the text box and click OK.
  • Click the Services tab and click Enable all then Apply.
  • Click the Startup tab and click Enable all then Apply.
  • Click the General tab check Normal startup and click OK.
  • You will be prompted to restart your computer. Click Restart.

Make sure your computer is booted into Normal Mode before continuing the rest of the steps.

Step two...

FRST Fix
  • You should still have FRST64.exe in your Downloads folder. If not please download it HERE.
  • Press the Windows Key + R.
  • Type notepad.exe into the text box and click OK.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    CreateRestorePoint:
    [-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
    [-HKEY_USERS\S-1-5-18\Software\Google\Chrome]
    [-HKEY_USERS\S-1-5-21-3488279127-63086370-3813774398-1001\SOFTWARE\Google\Chrome]
    [-HKEY_USERS\.DEFAULT\Software\Google\Chrome]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome]
    
    EmptyTemp:
    CMD: ipconfig /flushdns
  • Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  • Right click on FRST64.exe and select Run as administrator.
  • Press the Fix button one time only and wait.
  • When FRST finishes you will be prompted to reboot your computer. Click OK.
  • Your computer should now restart. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Step three...

Revised FRST Scan
  • You should still have FRST64.exe in your Downloads folder. If not please download it HERE.
  • Close all open programs and windows so you are at your Desktop.
  • Right click FRST64.exe and select Run as administrator.
  • Under Optional Scan check Addition.txt.
  • Press the Scan button and wait while the scan finishes.
  • Once finished, two files will open: FRST.txt and Addition.txt. Please copy and paste the contents of both logs in your reply.
    The logs can also be found in the same directory where FRST was run from.

Step four...

ESET Online Scanner
NOTE: ESET Online Scanner can be run from Internet Explorer, Firefox, or Chrome.
  • First please disable any antivirus you have active, as shown in this topic.
  • Close all open programs and windows.
  • Open your browser by right clicking and selecting Run as administrator.
  • Go to the ESET Online Scanner site.
  • Click on the green Run ESET Online Scanner button.
    • If using Firefox or Chrome, you will need to download a small utility.
    • Right click esetsmartinstaller_enu.exe and select Run as administrator.
  • Check the box to agree to the terms of use and click Start.
    • If using Internet Explorer, click Install when prompted to install the add-on.
  • Check Enable detection of of potentially unwanted applications.
  • Click Advanced settings.
  • UNCHECK Remove found threats.
  • Ensure the following are checked:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start.
  • ESET Online Scanner will download its virus signature database then automatically start the scan.
    The scan will take a while. Please be patient and do not use your computer during the scan. Some people find it best to let the scan run overnight.
  • When the scan completes press the text: Image
  • Press the text: Image then save the file to your desktop as ESETScan.txt.
  • Press the Back button then press the Finish button.
  • Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.
IMPORTANT: Do not forget to re-enable your antivirus software.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • Fixlog.txt
  • FRST.txt
  • Addition.txt
  • ESETScan.txt
  • Are there any changes in computer behavior?
User avatar
capnkrunch
MRU Master
MRU Master
 
Posts: 793
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: finish off malware removal

Unread postby capnkrunch » January 24th, 2016, 9:35 am

Hello Blazinby :)

It has been 48 hours since my last post.
  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response.
  • If you do not reply within the next 24 hours, this topic will be closed.
User avatar
capnkrunch
MRU Master
MRU Master
 
Posts: 793
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: finish off malware removal

Unread postby Blazinby » January 24th, 2016, 3:42 pm

Hi capncrunch,

sorry for the delay, I will try to have a complete reply tonight

regards

Blazinby
Blazinby
Regular Member
 
Posts: 18
Joined: January 11th, 2016, 7:46 pm

Re: finish off malware removal

Unread postby Blazinby » January 25th, 2016, 6:18 pm

Hi capnkrunch :) and thanks for you continued help

I cannot get my PC to boot in safe mode whenever I hit F8 on cold boot I am taken to the ASUS bios manager when I select the boot option I am presented with various drives to boot from but nowhere does it have the option to boot in safe mode. I was wondering if there is any other way boot in safe mode without using msconfig?

thanks

Blazinby
Blazinby
Regular Member
 
Posts: 18
Joined: January 11th, 2016, 7:46 pm

Re: finish off malware removal

Unread postby capnkrunch » January 26th, 2016, 8:40 am

Hello Blazinby :)

Please try this method for booting into safe mode and then proceed with the rest of the steps from my last post.

Note: you will not have access to the internet while in Safe Mode so it may be useful to print these instructions or have access to them from another device.

Boot Into Safe Mode
  • Click Start and then click Settings.
  • Click Update & Security and select Recovery from the left-hand pane.
  • Under Advanced start-up click the Restart now button.
  • Your machine will restart to the Choose an option screen.
  • Select Troubleshoot > Advanced options > Startup Settings > Restart.
  • Your computer will reboot in the Startup Settings screen.
  • Press F4 to start your computer in Safe Mode.

Please continue with the rest of my instructions from my last post, starting with Step one.

If you are still unable to boot to Safe Mode continue with my instructions starting from Step two and let me know what happened when you tried to get to Safe Mode in your reply.

As a reminder, here the logs I need in your next post.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • Fixlog.txt
  • FRST.txt
  • Addition.txt
  • ESETScan.txt
  • Are there any changes in computer behavior?
User avatar
capnkrunch
MRU Master
MRU Master
 
Posts: 793
Joined: March 20th, 2015, 6:41 pm
Location: Chicago
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 113 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware